GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-27 01:02:50 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006f Samsung_ rev.EMT0 232,89GB Running: fqvzhpfo.exe; Driver: C:\Users\PTYLLO\AppData\Local\Temp\pxddakod.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwAllocateVirtualMemory [0x927E20BE] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwAlpcConnectPort [0x927E5566] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x927E509C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwAssignProcessToJobObject [0x927E2C88] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwClose [0x927E5B8C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwConnectPort [0x927E4418] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateFile [0x927E395C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateKey [0x927E4B10] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateProcess [0x927E2EDE] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateProcessEx [0x927E2F94] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateSection [0x927E327E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateThread [0x927E1A2E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwCreateThreadEx [0x927E5DA8] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwDeviceIoControlFile [0x927E4C80] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwDuplicateObject [0x927E911A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwFsControlFile [0x927E4F38] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwLoadDriver [0x927E2594] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwMakeTemporaryObject [0x927E5934] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwOpenFile [0x927E374E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwOpenProcess [0x927E8B72] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwOpenSection [0x927E304E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwOpenThread [0x927E8E22] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwProtectVirtualMemory [0x927E1F42] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwQueueApcThread [0x927E2DB0] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwReplaceKey [0x927E5782] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwRequestPort [0x927E4586] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwRequestWaitReplyPort [0x927E3F1A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwRestoreKey [0x927E580C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSecureConnectPort [0x927E49A0] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSetContextThread [0x927E1B9E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSetSecurityObject [0x927E56DC] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSetSystemInformation [0x927E278E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwShutdownSystem [0x927E589E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSuspendProcess [0x927E1E1A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSuspendThread [0x927E1CF4] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwSystemDebugControl [0x927E2BBA] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwTerminateProcess [0x927E8A6A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwTerminateThread [0x927E930C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwUnloadDriver [0x927E59CA] SSDT \??\C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys ZwWriteVirtualMemory [0x927E18B2] SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 8C1EF000 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 83050B55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308ABB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83091FD8 4 Bytes [BE, 20, 7E, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83091FE4 4 Bytes [66, 55, 7E, 92] {PUSH BP; JLE 0xffffff96} .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83092028 4 Bytes [9C, 50, 7E, 92] {PUSHF ; PUSH EAX; JLE 0xffffff96} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83092038 4 Bytes [88, 2C, 7E, 92] {MOV [ESI+EDI*2], CH; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83092054 4 Bytes [8C, 5B, 7E, 92] {MOV [EBX+0x7e], DS; XCHG EDX, EAX} .text ... ? C:\Windows\gdrv.sys suspicious PE modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, 28, 22, 00] {SUB [EAX], CH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, 2B, 22, 00] {SUB [EBX], CH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, 28, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, 29, 22, 00] {TEST AL, 0x29; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, 2A, 22, 00] {TEST AL, 0x2a; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, 29, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, 2A, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, 28, 22, 00] {TEST AL, 0x28; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, 29, 22, 00] {SUB [ECX], CH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, 2A, 22, 00] {SUB [EDX], CH; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, 2B, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[636] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[716] ntdll.dll!NtTerminateProcess 776F69B0 5 Bytes JMP 01F707D0 .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[716] kernel32.dll!UnhandledExceptionFilter 77390781 5 Bytes JMP 021607D0 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803309 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 748033A1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802C81 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 74801DA9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74803C89 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803D21 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802BE9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802D19 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802B51 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803F81 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802989 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803DB9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803EE9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74803271 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74803011 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802EE1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74803141 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74804279 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748028F1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74804149 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74804019 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748041E1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 748040B1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74804311 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748043A9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74803861 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803731 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803601 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74803991 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803B59 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803699 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803AC1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748038F9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803A29 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74804441 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802AB9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 748037C9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Internet Download Manager\IDMan.exe[724] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802A21 .text C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[1104] ntdll.dll!NtTerminateProcess 776F69B0 5 Bytes JMP 015607D0 .text C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[1104] kernel32.dll!UnhandledExceptionFilter 77390781 5 Bytes JMP 014E07D0 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1416] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[1476] user32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[1476] user32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[1476] user32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[1476] user32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[1476] user32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[1476] user32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[1476] user32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[1476] user32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[1476] user32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[1476] user32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[1476] user32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[1476] user32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[1476] user32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[1476] user32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[1476] user32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[1476] user32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[1476] user32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[1476] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[1476] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\svchost.exe[1616] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\svchost.exe[1616] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\svchost.exe[1616] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\System32\svchost.exe[1616] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\svchost.exe[1616] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\svchost.exe[1616] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\System32\svchost.exe[1616] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\svchost.exe[1616] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\System32\svchost.exe[1616] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\System32\svchost.exe[1616] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\System32\svchost.exe[1616] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807881 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\svchost.exe[1652] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\svchost.exe[1652] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\svchost.exe[1652] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\System32\svchost.exe[1652] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\svchost.exe[1652] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\svchost.exe[1652] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\System32\svchost.exe[1652] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\svchost.exe[1652] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\svchost.exe[1652] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\svchost.exe[1652] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\System32\svchost.exe[1652] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807751 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748077E9 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\System32\svchost.exe[1652] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[1684] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[1684] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[1684] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[1684] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748077E9 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[1716] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[1716] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[1716] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[1716] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[1716] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[1716] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[1716] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[1716] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\svchost.exe[1716] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[1848] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[1848] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[1848] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[1848] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[1848] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[1848] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[1848] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[1848] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[1848] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\spoolsv.exe[1880] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Windows\System32\spoolsv.exe[1880] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\spoolsv.exe[1880] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748077E9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\spoolsv.exe[1880] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Windows\System32\spoolsv.exe[1880] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807A49 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\System32\spoolsv.exe[1880] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\System32\spoolsv.exe[1880] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\System32\spoolsv.exe[1880] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807AE1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\igfxCUIService.exe[1952] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\igfxCUIService.exe[1952] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\igfxCUIService.exe[1952] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\igfxCUIService.exe[1952] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\igfxCUIService.exe[1952] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\igfxCUIService.exe[1952] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Windows\system32\igfxCUIService.exe[1952] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\igfxCUIService.exe[1952] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\igfxCUIService.exe[1952] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748079B1 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\igfxCUIService.exe[1952] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[2024] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[2024] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[2024] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[2044] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[2044] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[2044] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[2044] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[2044] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[2044] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[2044] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[2044] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[2044] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[2092] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[2092] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[2092] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[2092] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[2092] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[2092] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[2092] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[2092] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[2092] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[2092] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\svchost.exe[2092] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\svchost.exe[2092] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807919 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807AE1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807B79 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2180] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2200] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748079B1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2236] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807881 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748079B1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2324] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807AE1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\svchost.exe[2356] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\svchost.exe[2356] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\svchost.exe[2356] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\svchost.exe[2356] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807589 .text C:\Windows\System32\svchost.exe[2356] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\svchost.exe[2356] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\System32\svchost.exe[2356] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 100078E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807881 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748079B1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Google\Chrome Remote Desktop\46.0.2490.13\remoting_host.exe[2384] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807AE1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] KERNEL32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748080D1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808169 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808299 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] shell32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Gigabyte\AppCenter\AdjustService.exe[2412] shell32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808331 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2524] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\nvvsvc.exe[2596] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\nvvsvc.exe[2596] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\nvvsvc.exe[2596] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Windows\system32\nvvsvc.exe[2596] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\nvvsvc.exe[2596] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\nvvsvc.exe[2596] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\nvvsvc.exe[2596] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\nvvsvc.exe[2596] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\nvvsvc.exe[2596] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\nvvsvc.exe[2596] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\nvvsvc.exe[2596] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 100078E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807A49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2688] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807A49 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2744] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807AE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807A49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2808] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, 30, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, 33, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, 30, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, 31, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken + 6 776F5E86 4 Bytes CALL 76704FBC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, 32, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, 31, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, 32, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadTokenEx + 6 776F5F16 4 Bytes CALL 7670504D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, 30, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryFullAttributesFile + 6 776F60D6 4 Bytes CALL 7670520B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, 31, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, 32, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, 33, F1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2836] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748080D1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808169 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\Skype\Updater\Updater.exe[2864] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\Skype\Updater\Updater.exe[2864] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\Skype\Updater\Updater.exe[2864] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808299 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Skype\Updater\Updater.exe[2864] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748080D1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808169 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808299 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2924] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[2952] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[2952] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[2952] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[2952] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[2952] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[2952] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[2952] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[2952] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[2952] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[2952] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\svchost.exe[2952] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748077E9 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[2952] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2996] ntdll.dll!NtTerminateProcess 776F69B0 5 Bytes JMP 015407D0 .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2996] kernel32.dll!UnhandledExceptionFilter 77390781 5 Bytes JMP 017207D0 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748080D1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808169 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808299 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74808331 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748060C1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74806029 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74807621 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74805741 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!recv 77806B0E 5 Bytes JMP 748077E9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74807881 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74807751 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 748057D9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74805871 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748083C9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\WajaIntEn\b971ac358b922fda19b188159e4df00b.exe[3040] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\svchost.exe[3768] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\svchost.exe[3768] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\svchost.exe[3768] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\system32\svchost.exe[3768] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\svchost.exe[3768] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807589 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\svchost.exe[3768] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\svchost.exe[3768] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807621 .text C:\Windows\system32\svchost.exe[3768] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748076B9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\svchost.exe[3768] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\svchost.exe[3768] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 748074F1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807589 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74807621 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748077E9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807919 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\wbem\wmiprvse.exe[4008] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\taskhost.exe[4228] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\taskhost.exe[4228] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\taskhost.exe[4228] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Windows\system32\taskhost.exe[4228] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\taskhost.exe[4228] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\taskhost.exe[4228] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\taskhost.exe[4228] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\taskhost.exe[4228] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\taskhost.exe[4228] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\taskhost.exe[4228] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\taskhost.exe[4228] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] KERNEL32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] shell32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4288] shell32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807A49 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4304] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803309 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 748033A1 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802C81 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 74801DA9 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74803C89 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803D21 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802BE9 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802D19 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802B51 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803F81 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802989 .text C:\Windows\Explorer.EXE[4328] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803DB9 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803EE9 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74803271 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74803011 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802EE1 .text C:\Windows\Explorer.EXE[4328] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74803141 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803731 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803601 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74803991 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803B59 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803699 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803AC1 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748038F9 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803A29 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74804279 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802AB9 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 748037C9 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Windows\Explorer.EXE[4328] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802A21 .text C:\Windows\Explorer.EXE[4328] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74804311 .text C:\Windows\Explorer.EXE[4328] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74803861 .text C:\Windows\Explorer.EXE[4328] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74804149 .text C:\Windows\Explorer.EXE[4328] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Windows\Explorer.EXE[4328] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74804019 .text C:\Windows\Explorer.EXE[4328] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Windows\Explorer.EXE[4328] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748041E1 .text C:\Windows\Explorer.EXE[4328] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 748040B1 .text C:\Windows\Explorer.EXE[4328] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748043A9 .text C:\Windows\Explorer.EXE[4328] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Windows\Explorer.EXE[4328] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74804441 .text C:\Windows\Explorer.EXE[4328] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] WS2_32.dll!closesocket 77803918 5 Bytes JMP 5D483970 c:\program files\wajainten\wajaintenlibs\xjghm.peg .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] WS2_32.dll!WSASend 77804406 5 Bytes JMP 5D483540 c:\program files\wajainten\wajaintenlibs\xjghm.peg .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] WS2_32.dll!recv 77806B0E 5 Bytes JMP 5D483660 c:\program files\wajainten\wajaintenlibs\xjghm.peg .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] WS2_32.dll!send 77806F01 5 Bytes JMP 5D483520 c:\program files\wajainten\wajaintenlibs\xjghm.peg .text C:\Program Files\Google\Chrome\Application\chrome.exe[4512] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 5D4837D0 c:\program files\wajainten\wajaintenlibs\xjghm.peg .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, 08, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, 0B, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, 08, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, 09, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, 0A, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, 09, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, 0A, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, 08, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, 09, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, 0A, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, 0B, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4652] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748080D1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808169 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808201 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808299 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808331 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4728] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, C0, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, C3, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, C0, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, C1, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, C2, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, C1, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, C2, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, C0, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, C1, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, C2, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, C3, 45, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4748] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\SearchIndexer.exe[4768] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\SearchIndexer.exe[4768] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\SearchIndexer.exe[4768] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\SearchIndexer.exe[4768] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\system32\SearchIndexer.exe[4768] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\SearchIndexer.exe[4768] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\SearchIndexer.exe[4768] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\SearchIndexer.exe[4768] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Windows\system32\SearchIndexer.exe[4768] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\SearchIndexer.exe[4768] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\SearchIndexer.exe[4768] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 100078E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4852] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807A49 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\taskeng.exe[4996] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\taskeng.exe[4996] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\taskeng.exe[4996] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\taskeng.exe[4996] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\taskeng.exe[4996] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\taskeng.exe[4996] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Windows\system32\taskeng.exe[4996] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\taskeng.exe[4996] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\taskeng.exe[4996] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, 68, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, 6B, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, 68, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, 69, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, 6A, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, 69, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, 6A, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, 68, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, 69, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, 6A, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, 6B, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5024] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, 94, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, 97, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, 94, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, 95, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessToken + 6 776F5E86 4 Bytes CALL 76700D20 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, 96, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, 95, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, 96, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadTokenEx + 6 776F5F16 4 Bytes CALL 76700DB1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, 94, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryFullAttributesFile + 6 776F60D6 4 Bytes CALL 76700F6F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, 95, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, 96, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, 97, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5128] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801F71 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802EE1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802F79 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802E49 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802DB1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 748033A1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 74803271 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803309 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804B61 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 748031D9 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805909 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802399 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 748034D1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 74803439 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74805871 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74803141 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801B49 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748020A1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804BF9 .text C:\Windows\system32\RunDll32.exe[5228] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74802009 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801E41 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802AB9 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 748027C1 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 74802691 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 748030A9 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804AC9 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74802989 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804999 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 74804739 .text C:\Windows\system32\RunDll32.exe[5228] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 74804869 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804C91 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804D29 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748050B9 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802C81 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805021 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805151 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74804441 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 74804571 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 74803569 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 748054E1 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804609 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 748044D9 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805449 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805281 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 748051E9 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805319 .text C:\Windows\system32\RunDll32.exe[5228] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 748053B1 .text C:\Windows\system32\RunDll32.exe[5228] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\RunDll32.exe[5228] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\RunDll32.exe[5228] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Windows\system32\RunDll32.exe[5228] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801C79 .text C:\Windows\system32\RunDll32.exe[5228] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801BE1 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803D21 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803C89 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74804149 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 748043A9 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803EE9 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803F81 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74804019 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748040B1 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803E51 .text C:\Windows\system32\RunDll32.exe[5228] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804311 .text C:\Windows\system32\RunDll32.exe[5228] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804DC1 .text C:\Windows\system32\RunDll32.exe[5228] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807A49 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748057D9 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74805741 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!WSASend 77804406 5 Bytes JMP 748021D1 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804E59 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!connect 77806BDD 5 Bytes JMP 74804279 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!send 77806F01 5 Bytes JMP 74802139 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804EF1 .text C:\Windows\system32\RunDll32.exe[5228] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804F89 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\taskeng.exe[5264] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\taskeng.exe[5264] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\taskeng.exe[5264] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\taskeng.exe[5264] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\taskeng.exe[5264] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\taskeng.exe[5264] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Windows\system32\taskeng.exe[5264] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\taskeng.exe[5264] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\taskeng.exe[5264] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe[5320] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748080D1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808169 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808299 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74808331 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748060C1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74806029 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74807621 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74805741 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!recv 77806B0E 5 Bytes JMP 748077E9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74807881 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74807751 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 748057D9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74805871 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748083C9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text c:\program files\wajainten\b971ac358b922fda19b188159e4df00b.exe[5416] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, A8, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, AB, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, A8, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, A9, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, AA, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, A9, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, AA, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, A8, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, A9, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, AA, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, AB, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5588] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803271 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateFile 776F56B0 5 Bytes JMP 74803309 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateFile + 6 776F56B6 4 Bytes [28, C4, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateFile + B 776F56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802BE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtMapViewOfSection 776F5D10 5 Bytes JMP 748015F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtMapViewOfSection + 6 776F5D16 4 Bytes [28, C7, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtMapViewOfSection + B 776F5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenFile + 6 776F5DC6 4 Bytes [68, C4, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenFile + B 776F5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcess 776F5E70 5 Bytes JMP 74801DA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcess + 6 776F5E76 4 Bytes [A8, C5, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcess + B 776F5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessToken 776F5E80 5 Bytes JMP 74803BF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessToken + B 776F5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessTokenEx + 6 776F5E96 4 Bytes [A8, C6, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessTokenEx + B 776F5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThread + 6 776F5EF6 4 Bytes [68, C5, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThread + B 776F5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadToken + 6 776F5F06 4 Bytes [68, C6, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadToken + B 776F5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadTokenEx + B 776F5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtProtectVirtualMemory + 5 776F6005 5 Bytes JMP 748044D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryAttributesFile + 6 776F6026 4 Bytes [A8, C4, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryAttributesFile + B 776F602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryFullAttributesFile + B 776F60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803C89 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationFile + 6 776F6726 4 Bytes [28, C5, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationFile + B 776F672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802B51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationThread + 6 776F6786 4 Bytes [28, C6, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationThread + B 776F678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802C81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802AB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtUnmapViewOfSection 776F6AA0 5 Bytes JMP 74801689 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtUnmapViewOfSection + 6 776F6AA6 4 Bytes [68, C7, 4A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtUnmapViewOfSection + B 776F6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803EE9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 748028F1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803D21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803E51 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!CreateProcessW 7733204D 5 Bytes JMP 74804C91 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74804DC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748031D9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74802F79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!CreateProcessInternalA 7738C9CC 5 Bytes JMP 74804EF1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802E49 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 748030A9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 74804B61 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803699 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803569 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748038F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803AC1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803601 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803A29 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74803861 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803991 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74805449 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802A21 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74803731 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802989 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 748040B1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 74803F81 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74804149 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804019 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748054E1 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74805579 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748037C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74805611 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74804279 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5596] WS2_32.dll!send 77806F01 5 Bytes JMP 748041E1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748080D1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808169 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808299 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808331 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748083C9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748060C1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74806029 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74807621 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74805741 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!recv 77806B0E 5 Bytes JMP 748077E9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74807881 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74807751 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 748057D9 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe[5888] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74805871 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetScrollRange 75AD8EC5 5 Bytes JMP 003251E6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!GetScrollInfo 75AE2DA3 5 Bytes JMP 0032516D C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetScrollInfo 75AE48DA 5 Bytes JMP 00325223 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748080D1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!GetScrollRange 75B0045A 5 Bytes JMP 00325104 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetScrollPos 75B004BE 5 Bytes JMP 003250D9 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!GetScrollPos 75B00E43 5 Bytes JMP 00325142 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!EnableScrollBar 75B019CE 5 Bytes JMP 0032525D C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!ShowScrollBar 75B03C89 5 Bytes JMP 003251A6 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\CCleaner\CCleaner.exe[5936] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\CCleaner\CCleaner.exe[5936] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808169 .text C:\Program Files\CCleaner\CCleaner.exe[5936] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\CCleaner\CCleaner.exe[5936] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808201 .text C:\Program Files\CCleaner\CCleaner.exe[5936] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\CCleaner\CCleaner.exe[5936] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\CCleaner\CCleaner.exe[5936] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808299 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808331 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748083C9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748060C1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74806029 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74807621 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74805741 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!recv 77806B0E 5 Bytes JMP 748077E9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74807881 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74807751 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 748057D9 .text C:\Program Files\CCleaner\CCleaner.exe[5936] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74805871 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\WUDFHost.exe[5940] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\WUDFHost.exe[5940] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\WUDFHost.exe[5940] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\WUDFHost.exe[5940] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\System32\WUDFHost.exe[5940] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\WUDFHost.exe[5940] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\WUDFHost.exe[5940] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\WUDFHost.exe[5940] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Windows\System32\WUDFHost.exe[5940] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Bitdefender\Bitdefender\bdagent.exe[6028] ntdll.dll!NtTerminateProcess 776F69B0 5 Bytes JMP 029307D0 .text C:\Program Files\Bitdefender\Bitdefender\bdagent.exe[6028] kernel32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 021878E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\Bitdefender\Bitdefender\bdagent.exe[6028] kernel32.dll!UnhandledExceptionFilter 77390781 5 Bytes JMP 027A07D0 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[6068] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\SearchProtocolHost.exe[6192] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\SearchProtocolHost.exe[6192] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\SearchProtocolHost.exe[6192] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Windows\system32\SearchProtocolHost.exe[6192] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\SearchProtocolHost.exe[6192] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\SearchProtocolHost.exe[6192] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\SearchFilterHost.exe[6268] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\SearchFilterHost.exe[6268] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\SearchFilterHost.exe[6268] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\SearchFilterHost.exe[6268] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\system32\SearchFilterHost.exe[6268] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\SearchFilterHost.exe[6268] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\SearchFilterHost.exe[6268] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\SearchFilterHost.exe[6268] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Windows\system32\SearchFilterHost.exe[6268] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807DD9 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807E71 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtReadFile + 5 776F63A5 5 Bytes JMP 74807291 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807FA1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807F09 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\!A\fqvzhpfo.exe[6340] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\!A\fqvzhpfo.exe[6340] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74807589 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74807459 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807AE1 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807CA9 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 748074F1 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807C11 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807A49 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807B79 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808169 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807621 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\!A\fqvzhpfo.exe[6340] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\!A\fqvzhpfo.exe[6340] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808201 .text C:\!A\fqvzhpfo.exe[6340] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\!A\fqvzhpfo.exe[6340] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\!A\fqvzhpfo.exe[6340] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808299 .text C:\!A\fqvzhpfo.exe[6340] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 748079B1 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74808039 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748080D1 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808331 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\!A\fqvzhpfo.exe[6340] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 100078E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807A49 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6532] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Windows\system32\wbem\unsecapp.exe[6600] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\wbem\unsecapp.exe[6600] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\wbem\unsecapp.exe[6600] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807919 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\wbem\unsecapp.exe[6600] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748079B1 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\wbem\unsecapp.exe[6600] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 054878E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] KERNEL32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748080D1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808169 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808299 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808331 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74808591 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748060C1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74806029 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74807621 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74805741 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!recv 77806B0E 5 Bytes JMP 748077E9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74807881 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74807751 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 748057D9 .text C:\Program Files\Gigabyte\AppCenter\ApCent.exe[6652] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74805871 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!SetFileCompletionNotificationModes 7738F10D 5 Bytes JMP 100078E0 C:\Windows\system32\LavasoftTcpService.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748079B1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7060] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74807A49 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\taskeng.exe[7084] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\taskeng.exe[7084] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807751 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\taskeng.exe[7084] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\taskeng.exe[7084] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748077E9 .text C:\Windows\system32\taskeng.exe[7084] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\taskeng.exe[7084] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807881 .text C:\Windows\system32\taskeng.exe[7084] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\taskeng.exe[7084] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807919 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\taskeng.exe[7084] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 748074F1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74807751 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807589 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74807621 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 748077E9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807919 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\wbem\wmiprvse.exe[7232] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\svchost.exe[7408] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\svchost.exe[7408] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\svchost.exe[7408] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\System32\svchost.exe[7408] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\svchost.exe[7408] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807589 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806C09 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806DD1 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806E69 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806D39 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\System32\svchost.exe[7408] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 .text C:\Windows\System32\svchost.exe[7408] user32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\svchost.exe[7408] user32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\svchost.exe[7408] user32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\svchost.exe[7408] user32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\svchost.exe[7408] user32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\svchost.exe[7408] user32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\svchost.exe[7408] user32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\svchost.exe[7408] user32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\svchost.exe[7408] user32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\svchost.exe[7408] user32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\svchost.exe[7408] user32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\svchost.exe[7408] user32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\svchost.exe[7408] user32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\svchost.exe[7408] user32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\svchost.exe[7408] user32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\svchost.exe[7408] user32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807621 .text C:\Windows\System32\svchost.exe[7408] user32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\svchost.exe[7408] user32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\svchost.exe[7408] user32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\svchost.exe[7408] user32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\svchost.exe[7408] user32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\svchost.exe[7408] user32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\svchost.exe[7408] user32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\svchost.exe[7408] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 748076B9 .text C:\Windows\System32\svchost.exe[7408] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\svchost.exe[7408] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\System32\svchost.exe[7408] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\System32\svchost.exe[7408] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748077E9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 748080D1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!closesocket 77803918 5 Bytes JMP 748060C1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 74806029 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74807621 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74805741 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!recv 77806B0E 5 Bytes JMP 748077E9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74807881 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74807751 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 748057D9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74805871 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808169 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808201 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808299 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74808331 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe[7544] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748083C9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\vssvc.exe[7588] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\vssvc.exe[7588] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\vssvc.exe[7588] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\vssvc.exe[7588] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\system32\vssvc.exe[7588] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\vssvc.exe[7588] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\vssvc.exe[7588] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\vssvc.exe[7588] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Windows\system32\vssvc.exe[7588] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807329 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 748073C1 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807459 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\System32\svchost.exe[7628] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\System32\svchost.exe[7628] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\System32\svchost.exe[7628] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748074F1 .text C:\Windows\System32\svchost.exe[7628] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\System32\svchost.exe[7628] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807589 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\System32\svchost.exe[7628] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\System32\svchost.exe[7628] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807621 .text C:\Windows\System32\svchost.exe[7628] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F01 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806AD9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748069A9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 74807031 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 748071F9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806A41 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807161 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74806F99 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 748070C9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748076B9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806B71 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\System32\svchost.exe[7628] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74807161 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 748067E1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74806879 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74807D41 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807DD9 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 748061F1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74806911 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74806159 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807F09 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74807E71 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Program Files\TC UP\TC UP.exe[7736] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74806749 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 748070C9 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74806E69 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74806D39 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806F99 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Program Files\TC UP\TC UP.exe[7736] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptGenKey 77288E89 5 Bytes JMP 748074F1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 748073C1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptExportKey 77289186 5 Bytes JMP 74807A49 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807C11 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74807459 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptHashData 7728DED6 5 Bytes JMP 74807B79 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748079B1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807AE1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748080D1 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74807589 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Program Files\TC UP\TC UP.exe[7736] advapi32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Program Files\TC UP\TC UP.exe[7736] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 74808169 .text C:\Program Files\TC UP\TC UP.exe[7736] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Program Files\TC UP\TC UP.exe[7736] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Program Files\TC UP\TC UP.exe[7736] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74808201 .text C:\Program Files\TC UP\TC UP.exe[7736] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74807919 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 748064E9 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74806451 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74806581 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807FA1 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 748059A1 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74805909 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 74805A39 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 74808039 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805DC9 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74808299 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 74805D31 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 74805B69 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805AD1 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74806619 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805C01 .text C:\Program Files\TC UP\TC UP.exe[7736] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805C99 .text C:\Program Files\TC UP\TC UP.exe[7736] shell32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Program Files\TC UP\TC UP.exe[7736] shell32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 74808331 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 74803309 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 748033A1 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74801A19 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74801AB1 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74801981 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 748018E9 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74801ED9 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74802C81 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 74801DA9 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 74803C89 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74803D21 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74801E41 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74801D11 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74802BE9 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74802D19 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74802139 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748020A1 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 74802B51 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74803F81 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 74801C79 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802989 .text C:\Program Files\TC UP\totalcmd.exe[7752] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 74803DB9 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74803EE9 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802009 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74803271 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 74803011 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74801BE1 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 74802EE1 .text C:\Program Files\TC UP\totalcmd.exe[7752] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74803141 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!PostMessageA 75ADB446 5 Bytes JMP 74804149 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 748017B9 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!GetMessageA 75AE1899 5 Bytes JMP 74804019 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748021D1 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!PostMessageW 75AE447B 5 Bytes JMP 748041E1 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!GetMessageW 75AECDE8 5 Bytes JMP 748040B1 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74804279 .text C:\Program Files\TC UP\totalcmd.exe[7752] user32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74801721 .text C:\Program Files\TC UP\totalcmd.exe[7752] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74804311 .text C:\Program Files\TC UP\totalcmd.exe[7752] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74803861 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptGenKey 77288E89 5 Bytes JMP 74803731 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74803601 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptExportKey 77289186 5 Bytes JMP 74803991 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74803B59 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74802431 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74803699 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptHashData 7728DED6 5 Bytes JMP 74803AC1 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 748038F9 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74803A29 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!OpenServiceA 77292B50 5 Bytes JMP 74802399 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 74802859 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 748043A9 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CreateServiceW 772A714C 5 Bytes JMP 74802AB9 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!ControlService 772A7164 5 Bytes JMP 748025F9 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!DeleteService 772A717C 5 Bytes JMP 74802691 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 748037C9 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74802729 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 748027C1 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 748024C9 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74802561 .text C:\Program Files\TC UP\totalcmd.exe[7752] advapi32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74802A21 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\GWX\GWX.exe[7860] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\GWX\GWX.exe[7860] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\GWX\GWX.exe[7860] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\GWX\GWX.exe[7860] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\system32\GWX\GWX.exe[7860] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\GWX\GWX.exe[7860] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807881 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\GWX\GWX.exe[7860] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\GWX\GWX.exe[7860] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807919 .text C:\Windows\system32\GWX\GWX.exe[7860] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\GWX\GWX.exe[7860] SHELL32.dll!Shell_NotifyIconW 76130199 5 Bytes JMP 74804D29 .text C:\Windows\system32\GWX\GWX.exe[7860] SHELL32.dll!SHRestricted + 251E 761914F1 5 Bytes JMP 748079B1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtAdjustPrivilegesToken + 5 776F5355 5 Bytes JMP 748067E1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtClose + 5 776F55B5 5 Bytes JMP 74805E61 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtCreateFile + 5 776F56B5 5 Bytes JMP 74801ED9 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtCreateProcess + 5 776F5785 5 Bytes JMP 74802E49 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtCreateProcessEx + 5 776F5795 5 Bytes JMP 74802EE1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtCreateThread + 5 776F5805 5 Bytes JMP 74802DB1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtCreateThreadEx + 5 776F5815 5 Bytes JMP 74802D19 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtDuplicateObject + 5 776F5985 5 Bytes JMP 74803309 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtLoadDriver + 5 776F5C45 5 Bytes JMP 74805EF9 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtMapViewOfSection + 5 776F5D15 5 Bytes JMP 748015F1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtOpenProcess + 5 776F5E75 5 Bytes JMP 748031D9 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtOpenProcessToken + 5 776F5E85 5 Bytes JMP 748073C1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtQueryInformationToken + 5 776F6165 5 Bytes JMP 74807459 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtQueueApcThread + 5 776F6365 5 Bytes JMP 74803271 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtRaiseHardError + 5 776F6395 5 Bytes JMP 74804AC9 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtSetContextThread + 5 776F6655 5 Bytes JMP 74803141 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtSetInformationProcess + 5 776F6765 5 Bytes JMP 74805871 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtSetSystemInformation + 5 776F6875 5 Bytes JMP 74805F91 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtSetValueKey + 5 776F68F5 5 Bytes JMP 74802301 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtSuspendProcess + 5 776F6975 5 Bytes JMP 74803439 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtSuspendThread + 5 776F6985 5 Bytes JMP 748033A1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtTerminateProcess + 5 776F69B5 5 Bytes JMP 748057D9 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtUnmapViewOfSection + 5 776F6AA5 5 Bytes JMP 74801689 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtVdmControl + 5 776F6AB5 5 Bytes JMP 74807589 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!NtWriteVirtualMemory + 5 776F6B85 5 Bytes JMP 748030A9 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!RtlQueryPerformanceCounter 777031DF 5 Bytes JMP 74801AB1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!RtlCreateProcessParametersEx 77717201 5 Bytes JMP 74802009 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!RtlEqualSid 7771E4E4 5 Bytes JMP 748074F1 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!RtlReportException 77756623 5 Bytes JMP 74804B61 .text C:\Windows\system32\sppsvc.exe[7892] ntdll.dll!RtlCreateProcessParameters 77759F6A 5 Bytes JMP 74801F71 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!GetStartupInfoA 77331E10 5 Bytes JMP 74801DA9 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!CreateProcessA 77332082 5 Bytes JMP 74802A21 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!CreateToolhelp32Snapshot 7736FE3A 5 Bytes JMP 74802729 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!Process32NextW 773701D2 5 Bytes JMP 74805DC9 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!MoveFileWithProgressW 77378EE4 5 Bytes JMP 74806749 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!MoveFileExW 77378F08 5 Bytes JMP 748064E9 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!LoadLibraryA 7737DD65 5 Bytes JMP 748025F9 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!CreateProcessInternalW 773808A2 5 Bytes JMP 74803011 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!ReadConsoleW 773927EE 5 Bytes JMP 74804A31 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!MoveFileExA 773940A8 5 Bytes JMP 748063B9 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!MoveFileWithProgressA 773940C8 5 Bytes JMP 74806619 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!WinExec 773BF2AE 5 Bytes JMP 748028F1 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!ReadConsoleA 773DCEE8 5 Bytes JMP 74804901 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!ReadConsoleInputA 773DD60F 5 Bytes JMP 748046A1 .text C:\Windows\system32\sppsvc.exe[7892] kernel32.dll!ReadConsoleInputW 773DD632 5 Bytes JMP 748047D1 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptGenKey 77288E89 5 Bytes JMP 74806B71 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptAcquireContextA 77289179 5 Bytes JMP 74806A41 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptExportKey 77289186 5 Bytes JMP 748070C9 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptImportKey 7728C4D2 5 Bytes JMP 74807291 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!OpenServiceW 7728C9EC 5 Bytes JMP 74803C89 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptAcquireContextW 7728DEB4 5 Bytes JMP 74806AD9 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptHashData 7728DED6 5 Bytes JMP 748071F9 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptCreateHash 7728DEEE 5 Bytes JMP 74807031 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptGetHashParam 7728DF1E 5 Bytes JMP 74807161 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!OpenServiceA 77292B50 5 Bytes JMP 74803BF1 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CloseServiceHandle 772935FC 5 Bytes JMP 748040B1 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 1 Byte [E9] .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!RegOpenKeyExA + DE 7729494D 5 Bytes JMP 74807751 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CreateServiceW 772A714C 5 Bytes JMP 74804311 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!ControlService 772A7164 5 Bytes JMP 74803E51 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!DeleteService 772A717C 5 Bytes JMP 74803EE9 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CryptEncrypt 772A77C3 5 Bytes JMP 74806C09 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!ChangeServiceConfigA 772C3384 5 Bytes JMP 74803F81 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!ChangeServiceConfigW 772C3394 5 Bytes JMP 74804019 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!ControlServiceExA 772C33A4 5 Bytes JMP 74803D21 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!ControlServiceExW 772C33B4 5 Bytes JMP 74803DB9 .text C:\Windows\system32\sppsvc.exe[7892] ADVAPI32.dll!CreateServiceA 772C33F4 5 Bytes JMP 74804279 .text C:\Windows\system32\sppsvc.exe[7892] msvcrt.dll!_lock + 29 75A1A472 5 Bytes JMP 748077E9 .text C:\Windows\system32\sppsvc.exe[7892] msvcrt.dll!__p__fmode 75A227CE 5 Bytes JMP 74801BE1 .text C:\Windows\system32\sppsvc.exe[7892] msvcrt.dll!__p__environ 75A2E6CF 5 Bytes JMP 74801B49 .text C:\Windows\system32\sppsvc.exe[7892] GDI32.dll!GdiDllInitialize + 204 774C98F1 5 Bytes JMP 74807881 .text C:\Windows\system32\sppsvc.exe[7892] GDI32.dll!NamedEscape 774F527F 5 Bytes JMP 74806F99 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!FindWindowExA 75AD6F69 5 Bytes JMP 74805B69 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!FindWindowA 75AD8FF3 5 Bytes JMP 74805AD1 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!CallNextHookEx 75ADABE1 5 Bytes JMP 74804BF9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!UnhookWindowsHookEx 75ADADF9 5 Bytes JMP 74804C91 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!FindWindowW 75ADAE0D 5 Bytes JMP 74805C01 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!PostMessageA 75ADB446 5 Bytes JMP 74807621 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!CreateWindowExA 75ADBF40 5 Bytes JMP 74805021 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!SetWindowsHookExW 75ADE30C 5 Bytes JMP 74802BE9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!CreateWindowExW 75ADEC7C 5 Bytes JMP 74804F89 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!ShowWindow 75ADF2A9 5 Bytes JMP 748050B9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!GetMessageA 75AE1899 5 Bytes JMP 748043A9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!PeekMessageA 75AE19A5 5 Bytes JMP 748044D9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!SetWinEventHook 75AE24DC 5 Bytes JMP 748034D1 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!PostMessageW 75AE447B 5 Bytes JMP 748076B9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!SetWindowTextW 75AE612B 5 Bytes JMP 74805449 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!PeekMessageW 75AE634A 5 Bytes JMP 74804571 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!GetMessageW 75AECDE8 5 Bytes JMP 74804441 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!UserClientDllInitialize 75AED711 5 Bytes JMP 74807919 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!SetWindowTextA 75B00C5B 5 Bytes JMP 748053B1 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!DialogBoxIndirectParamAorW 75B03B40 5 Bytes JMP 748051E9 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!CreateDialogIndirectParamAorW 75B05327 5 Bytes JMP 74805151 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!SetWindowsHookExA 75B06D0C 5 Bytes JMP 74802B51 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!FindWindowExW 75B0712B 5 Bytes JMP 74805C99 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!MessageBoxExA 75B2E9C9 5 Bytes JMP 74805281 .text C:\Windows\system32\sppsvc.exe[7892] USER32.dll!MessageBoxExW 75B2E9ED 5 Bytes JMP 74805319 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!WahWriteLSPEvent 7780145D 5 Bytes JMP 74807A49 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!closesocket 77803918 5 Bytes JMP 74805741 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!WSASocketW 77803CD3 5 Bytes JMP 748056A9 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!socket 77803EB8 5 Bytes JMP 74806CA1 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!WSASend 77804406 5 Bytes JMP 74802139 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!GetAddrInfoW 77804889 5 Bytes JMP 74804DC1 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!recv 77806B0E 5 Bytes JMP 74806E69 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!connect 77806BDD 1 Byte [E9] .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!connect 77806BDD 5 Bytes JMP 748041E1 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!send 77806F01 5 Bytes JMP 748020A1 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!WSARecv 77807089 5 Bytes JMP 74806F01 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!WSAConnect 7780CC3F 5 Bytes JMP 74806DD1 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!GetAddrInfoExW 7780D1EA 5 Bytes JMP 74804E59 .text C:\Windows\system32\sppsvc.exe[7892] WS2_32.dll!gethostbyname 77817673 5 Bytes JMP 74804EF1 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 26366 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 25697 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@F6B10A46 73 ---- Files - GMER 2.1 ---- File C:\Windows\System32\wbem\Performance\WmiApRpl_new.h 357 bytes File C:\Windows\Temp\~bd437.tmp 0 bytes ---- EOF - GMER 2.1 ----