GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-29 19:35:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 596,17GB Running: me9v4s41.exe; Driver: C:\Users\Monika\AppData\Local\Temp\uwrdapog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f5400 7 bytes [00, 5C, F3, FF, 41, 66, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000f5408 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e3da60 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e3dc60 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\csrss.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e3da60 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e3dc60 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\services.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\services.exe[840] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\services.exe[840] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefebd3440 6 bytes {JMP QWORD [RIP+0x13cbf0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076bd6ef0 6 bytes {JMP QWORD [RIP+0x9869140]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076bd8184 6 bytes {JMP QWORD [RIP+0x9947eac]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetParent 0000000076bd8530 6 bytes {JMP QWORD [RIP+0x9887b00]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000076bd9bcc 6 bytes {JMP QWORD [RIP+0x95e6464]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!PostMessageA 0000000076bda404 6 bytes {JMP QWORD [RIP+0x9625c2c]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!EnableWindow 0000000076bdaaa0 6 bytes {JMP QWORD [RIP+0x9985590]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!MoveWindow 0000000076bdaad0 6 bytes {JMP QWORD [RIP+0x98a5560]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076bdc720 6 bytes {JMP QWORD [RIP+0x9843910]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076bdcd50 6 bytes {JMP QWORD [RIP+0x99232e0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076bdd2b0 6 bytes {JMP QWORD [RIP+0x9662d80]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendMessageA 0000000076bdd338 6 bytes {JMP QWORD [RIP+0x96a2cf8]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076bddc40 6 bytes {JMP QWORD [RIP+0x97823f0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076bdf510 6 bytes {JMP QWORD [RIP+0x9960b20]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076bdf874 6 bytes {JMP QWORD [RIP+0x95a07bc]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076bdfac0 6 bytes {JMP QWORD [RIP+0x9700570]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076be0b74 6 bytes {JMP QWORD [RIP+0x967f4bc]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000076be33b0 6 bytes {JMP QWORD [RIP+0x95fcc80]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 0000000076be4d4d 5 bytes {JMP QWORD [RIP+0x95bb2e4]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!GetKeyState 0000000076be5010 6 bytes {JMP QWORD [RIP+0x981b020]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076be5438 6 bytes {JMP QWORD [RIP+0x973abf8]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendMessageW 0000000076be6b50 6 bytes {JMP QWORD [RIP+0x96b94e0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!PostMessageW 0000000076be76e4 6 bytes {JMP QWORD [RIP+0x963894c]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076bedd90 6 bytes {JMP QWORD [RIP+0x97b22a0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076bee874 6 bytes {JMP QWORD [RIP+0x98f17bc]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076bef780 6 bytes {JMP QWORD [RIP+0x98b08b0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076bf28e4 6 bytes {JMP QWORD [RIP+0x974d74c]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!mouse_event 0000000076bf3894 6 bytes {JMP QWORD [RIP+0x954c79c]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076bf8a10 6 bytes {JMP QWORD [RIP+0x97e7620]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076bf8be0 6 bytes {JMP QWORD [RIP+0x96c7450]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076bf8c20 6 bytes {JMP QWORD [RIP+0x9567410]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendInput 0000000076bf8cd0 6 bytes {JMP QWORD [RIP+0x97c7360]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!BlockInput 0000000076bfad60 6 bytes {JMP QWORD [RIP+0x98c52d0]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076c214e0 6 bytes {JMP QWORD [RIP+0x995eb50]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!keybd_event 0000000076c445a4 6 bytes {JMP QWORD [RIP+0x94dba8c]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076c4cc08 6 bytes {JMP QWORD [RIP+0x9733428]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076c4df18 6 bytes {JMP QWORD [RIP+0x96b2118]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\services.exe[840] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL 38d6a0 .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefebd3440 6 bytes {JMP QWORD [RIP+0x13cbf0]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 1000c .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 45aa9cff .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[676] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefebd3440 6 bytes {JMP QWORD [RIP+0x13cbf0]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[832] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP faa0142b .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 10002 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1096] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 69004600 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes JMP 9159ff1 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes JMP 9156aa9 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes JMP 4d0045 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes JMP 9a6580 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes JMP 4c005c .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes JMP 9a5cc28 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes JMP 99c6109 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes JMP 9736050 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes JMP ba180 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes JMP 35 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes JMP 20d92d2b .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes JMP 17e580 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes JMP 2a122cfd .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes JMP 31 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes JMP 9ab4f31 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes JMP 2e0045 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes JMP 985afc8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes JMP bb8f2df0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes JMP 244f2b60 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes JMP 9a14591 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes JMP 9cf3fb8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes JMP 98b78f1 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes JMP 1883 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes JMP 16f7180 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes JMP 23702412 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes JMP 2a112cfd .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes JMP 117580 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes JMP 961d019 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes JMP 26c8599 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes JMP 2e9c2f02 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes JMP 92f1f01 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes JMP 442b391 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 1000c .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP b22a9738 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP f9c018a0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefebd3440 6 bytes {JMP QWORD [RIP+0x13cbf0]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefddd8fe4 5 bytes [FF, 25, 4C, 70, DA] .text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefdff2398 6 bytes {JMP QWORD [RIP+0xb5dc98]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP f1eef1ee .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 1 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 2d3770 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 3b9f40 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 10 .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\nvvsvc.exe[1620] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\WLANExt.exe[1728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\conhost.exe[1744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\System32\spoolsv.exe[2000] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefebd3440 6 bytes {JMP QWORD [RIP+0x13cbf0]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70ae000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70ae000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 2000000 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[2068] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP ee77 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP f5e48422 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2088] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 730077 .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[2636] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\System32\svchost.exe[2672] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 74ecdb07 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x2d7c98]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x2b7674]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 20006e .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2708] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\svchost.exe[2732] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP b5737373 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 4d0044 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 904d .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\taskhost.exe[2880] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Windows\system32\taskeng.exe[2928] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 12626fdb .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef85ddc88 5 bytes JMP 000007fff85b00d8 .text C:\Windows\system32\Dwm.exe[2948] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef85dde10 5 bytes JMP 000007fff85b0110 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes JMP 740061 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes JMP 5144ec0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes JMP 991a67c9 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes JMP 403a7da9 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL 790079 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 74006e .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 670064 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefddd8fe4 5 bytes [FF, 25, 4C, 70, D7] .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefdff2398 6 bytes {JMP QWORD [RIP+0xb3dc98]} .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3016] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe[2992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3404] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x31dd64]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x2d7c98]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x2b7674]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3672] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 305650 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 1 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007feec6b2460 5 bytes JMP 000007fefce802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007feec6e96b0 6 bytes JMP 000007fefce80298 .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 700070 .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\conhost.exe[3692] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3700] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\conhost.exe[3868] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 00000000cb8cca3d .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 7102000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 7102000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 715c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7150000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 710b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 714a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7144000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7162000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7156000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7129000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7120000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7120000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7108000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 711d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 711d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7159000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7153000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 714d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 710e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7165000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 713e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7147000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7168000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 711a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 711a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7126000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 712c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 712c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7114000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7105000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 716b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 716e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7141000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 713b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7123000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7123000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 717a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7171000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7177000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7174000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\shell32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3900] C:\Windows\syswow64\shell32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 70b7000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 4d68636d .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70ae000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70ae000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 00000000cb8cd0ad .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7180000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 7177000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7183000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 717d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 717a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 7186000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 716e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7165000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 716b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7168000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7150000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7144000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 713e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7156000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7105000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7105000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 714a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 711d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7114000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7114000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 714d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7147000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7153000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7141000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7102000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7159000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 712c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 713b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 715c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 710e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 710e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7129000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7126000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 711a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7120000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7120000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7123000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7123000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7108000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 715f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7162000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 712f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 710b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 710b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7171000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 7174000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 00000000cb8cca3d .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 7102000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 7102000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 715c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7150000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 710b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 714a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7144000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7162000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7156000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7129000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7120000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7120000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7108000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 711d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 711d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7159000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7153000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 714d000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 710e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7165000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 713e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7147000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7168000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 711a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 711a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7126000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 712c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 712c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7114000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7105000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 716b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 716e000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7141000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 713b000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7123000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7123000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 717a000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7171000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7177000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7174000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\shell32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4120] C:\Windows\syswow64\shell32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 70b7000a .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\wbem\unsecapp.exe[4224] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP ebe6482c .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP fd8 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\wbem\wmiprvse.exe[4340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x31dd64]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x33db70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x35a440]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x394648]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x373740]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 0000000100bef4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5440] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\System32\rundll32.exe[5488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\svchost.exe[5652] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP ffffffff .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x31dd64]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x2d7c98]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x2b7674]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP e795a170 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x2d7c98]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x2b7674]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x373740]} .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\Dell\QuickSet\quickset.exe[5188] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\SearchIndexer.exe[2588] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 29db68 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 730077 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 896d0e83 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\WINDOWS\System32\igfxpers.exe[2656] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 00000000cb8cca3d .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 7102000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 7102000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 715c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7150000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 710b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 714a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7144000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7162000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7156000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7129000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7120000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7120000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7108000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 711d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 711d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7159000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7153000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 714d000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 710e000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7165000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 713e000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7147000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7168000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 711a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 711a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7126000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 712c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 712c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7114000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7105000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 716b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 716e000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7141000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 713b000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7123000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7123000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 717a000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7171000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7177000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7174000a .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6304] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 300030 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x31dd64]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x2d7c98]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x2b7674]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 18000 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 1000 .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 4b494e4f .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP f1eef1ee .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\WINDOWS\System32\igfxtray.exe[6708] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 4400431 .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 2000000 .text C:\WINDOWS\System32\hkcmd.exe[6744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 6c0069 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 491b009 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Windows\system32\taskmgr.exe[6988] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 434f5250 .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 620065 .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\WINDOWS\System32\rundll32.exe[7016] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 1c7b15d9 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 2a0000 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\DellTPad\Apoint.exe[7036] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Windows\system32\wbem\unsecapp.exe[5224] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP ffee0000 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 3035 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3476] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[4720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\DellTPad\HidFind.exe[5924] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x29db70]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\DellTPad\Apntex.exe[6536] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076ce90a0 5 bytes [90, 33, C0, 90, C3] .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL 0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x19bdd64]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x1c5db70]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x1c7a440]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x1817c98]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x17f7674]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x1836d10]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 7a0020 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1c93740]} .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe[6684] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\conhost.exe[6916] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[7004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\OLE32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\OLE32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text E:\Programy\screenSHU\screenSHU.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 1000100 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x33db70]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 9b9 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x2f6d10]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x394648]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 7080000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 7080000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes [A0, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 708c000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 708c000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 7092000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 7092000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes [88, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70b9000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70b9000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 7095000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 7095000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes [AC, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70aa000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70aa000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 708f000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 708f000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 707a000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 707a000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes [BE, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70c2000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70c2000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes [9D, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes [B5, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70bc000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70bc000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes [AF, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70b3000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70b3000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes [85, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 707d000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 707d000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes [9A, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes [82, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes [97, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes [A6, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes [A3, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076848781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes [9B, 71] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes {JMP QWORD [RIP+0x717f001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 7177000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes {JMP QWORD [RIP+0x7182001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes {JMP QWORD [RIP+0x717c001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes {JMP QWORD [RIP+0x7179001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes {JMP QWORD [RIP+0x719e001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7146000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes {JMP QWORD [RIP+0x7139001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes {JMP QWORD [RIP+0x70ca001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes {JMP QWORD [RIP+0x7133001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 712e000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes {JMP QWORD [RIP+0x714b001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes [D0, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7140000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes {JMP QWORD [RIP+0x70e9001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes [DF, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes {JMP QWORD [RIP+0x70c7001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes [DC, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes {JMP QWORD [RIP+0x7142001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes {JMP QWORD [RIP+0x713c001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes {JMP QWORD [RIP+0x7148001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes {JMP QWORD [RIP+0x7136001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes {JMP QWORD [RIP+0x70cd001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 714f000a .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes {JMP QWORD [RIP+0x70f8001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes {JMP QWORD [RIP+0x7127001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes {JMP QWORD [RIP+0x7130001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes {JMP QWORD [RIP+0x7151001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes [D9, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes {JMP QWORD [RIP+0x70f5001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes {JMP QWORD [RIP+0x70f2001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes {JMP QWORD [RIP+0x70e6001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes [EC, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes [EF, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes {JMP QWORD [RIP+0x70d3001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes {JMP QWORD [RIP+0x70c4001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes {JMP QWORD [RIP+0x7154001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes {JMP QWORD [RIP+0x7157001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes {JMP QWORD [RIP+0x712a001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes {JMP QWORD [RIP+0x7124001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes [D6, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes [FF, 25, 1E] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes [E3, 70] .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes {JMP QWORD [RIP+0x7170001e]} .text C:\Program Files\AVAST Software\Avast\avastui.exe[6288] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes {JMP QWORD [RIP+0x7173001e]} .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes JMP 6e0020 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes JMP 65006a .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP a2a15a65 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x33db70]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x35a440]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 745229d .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x373740]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 00000000cb8cd19d .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7156000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c88a29 5 bytes JMP 000000016d132b20 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7105000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7144000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7150000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7123000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7102000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7117000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7117000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7153000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7159000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7147000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7108000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 715f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7132000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7138000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7141000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7162000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7114000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7114000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 712f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7120000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7126000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7126000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7129000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7129000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7165000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7168000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7135000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7111000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7111000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7174000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7171000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7177000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769a5ea5 5 bytes JMP 000000016d132ae0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[7300] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 5 bytes JMP 000000016d132a70 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cda460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ce3f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076cfffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d0f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d39a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d49510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d68830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefce92db0 5 bytes JMP 000007fffce80180 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefce937d0 7 bytes JMP 000007fffce800d8 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefce9a410 2 bytes JMP 000007fffce80110 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefce9a413 2 bytes [FE, FF] .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefce9aec0 6 bytes JMP 000007fffce80148 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 0A] .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 3B] .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 11 bytes JMP 000007fffce80228 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed8bf10 7 bytes JMP 000007fffce80260 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 28f5f0 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 6 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd3389d0 8 bytes JMP 000007fffce801f0 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 0 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd33be40 8 bytes JMP 000007fffce801b8 .text C:\Windows\system32\wbem\unsecapp.exe[7888] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[8028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\System32\svchost.exe[1888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000769d9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075759698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007595bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL 9b6 .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0xedd64]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 63 .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 0 .text C:\Windows\servicing\TrustedInstaller.exe[7996] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL b03 .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\System32\svchost.exe[7144] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL 0 .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 0 .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 6c006c .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\DllHost.exe[2316] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes {JMP QWORD [RIP+0x10db70]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x12a440]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0xc6d10]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x214648]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x1f3740]} .text C:\Windows\system32\svchost.exe[8812] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes [E8, 4F, 06] .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes [FF, 25, 50, 9F, 17] .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes {JMP QWORD [RIP+0x27dd64]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes {JMP QWORD [RIP+0x2ba440]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes JMP 0 .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes JMP 7fe .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!GetPixel 000007fefd339320 6 bytes JMP 179 .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes {JMP QWORD [RIP+0x2f4648]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes {JMP QWORD [RIP+0x2d3740]} .text C:\Windows\system32\AUDIODG.EXE[8480] C:\Windows\System32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076e13250 6 bytes {JMP QWORD [RIP+0x922cde0]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076e3daa0 6 bytes {JMP QWORD [RIP+0x91e2590]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076e3db70 6 bytes {JMP QWORD [RIP+0x9a224c0]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e3dc70 6 bytes {JMP QWORD [RIP+0x98c23c0]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076e3dce0 6 bytes {JMP QWORD [RIP+0x99a2350]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e3dd20 6 bytes {JMP QWORD [RIP+0x9962310]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076e3ddc0 6 bytes {JMP QWORD [RIP+0x99c2270]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e3de30 6 bytes {JMP QWORD [RIP+0x97c2200]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e3de50 6 bytes {JMP QWORD [RIP+0x99421e0]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e3de90 6 bytes {JMP QWORD [RIP+0x98421a0]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e3dee0 6 bytes {JMP QWORD [RIP+0x9862150]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076e3df00 6 bytes {JMP QWORD [RIP+0x9982130]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076e3e0f0 6 bytes {JMP QWORD [RIP+0x9a61f40]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076e3e100 6 bytes {JMP QWORD [RIP+0x9781f30]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e3e200 6 bytes {JMP QWORD [RIP+0x9761e30]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076e3e2d0 6 bytes {JMP QWORD [RIP+0x98e1d60]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e3e310 6 bytes {JMP QWORD [RIP+0x97e1d20]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e3e380 6 bytes {JMP QWORD [RIP+0x97a1cb0]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076e3e3b0 6 bytes {JMP QWORD [RIP+0x9821c80]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e3e410 6 bytes {JMP QWORD [RIP+0x9801c20]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076e3e420 6 bytes {JMP QWORD [RIP+0x99e1c10]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e3e430 6 bytes {JMP QWORD [RIP+0x9a41c00]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e3e7a0 6 bytes {JMP QWORD [RIP+0x9901890]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076e3e830 6 bytes {JMP QWORD [RIP+0x9a01800]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e3f0a0 6 bytes {JMP QWORD [RIP+0x9920f90]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e3f120 6 bytes {JMP QWORD [RIP+0x9880f10]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e3f1a0 6 bytes {JMP QWORD [RIP+0x98a0e90]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ce18f0 6 bytes {JMP QWORD [RIP+0x941e740]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076cedb10 6 bytes {JMP QWORD [RIP+0x9372520]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 0000000076d5f4e0 6 bytes {JMP QWORD [RIP+0x9340b50]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 0000000076d5f510 6 bytes {JMP QWORD [RIP+0x9380b20]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 0000000076d5f6e0 6 bytes {JMP QWORD [RIP+0x9320950]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000076d654b0 6 bytes {JMP QWORD [RIP+0x935ab80]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefce9b022 3 bytes CALL 9b6 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcea60e0 5 bytes JMP 0 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd3322cc 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd3324c0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd335bf0 6 bytes JMP 670061 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd338398 6 bytes {JMP QWORD [RIP+0x237c98]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd3389bc 6 bytes {JMP QWORD [RIP+0x217674]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd339320 6 bytes {JMP QWORD [RIP+0x256d10]} .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd33b9e8 6 bytes JMP 703c6d28 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd33c8f0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[9104] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed774a0 6 bytes {JMP QWORD [RIP+0x208b90]} .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076fefa20 3 bytes JMP 71af000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076fefa24 2 bytes JMP 71af000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076fefb68 3 bytes JMP 70c0000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076fefb6c 2 bytes JMP 70c0000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076fefcf0 3 bytes JMP 70e1000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076fefcf4 2 bytes JMP 70e1000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076fefda4 3 bytes JMP 70cc000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076fefda8 2 bytes JMP 70cc000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076fefe08 3 bytes JMP 70d2000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076fefe0c 2 bytes JMP 70d2000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076feff00 3 bytes JMP 70c9000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076feff04 2 bytes JMP 70c9000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076feffb4 3 bytes JMP 70f9000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076feffb8 2 bytes JMP 70f9000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076feffe4 3 bytes JMP 70d5000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076feffe8 2 bytes JMP 70d5000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ff0044 3 bytes JMP 70ed000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076ff0048 2 bytes JMP 70ed000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076ff00c4 3 bytes JMP 70ea000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076ff00c8 2 bytes JMP 00000000cb8cca3d .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ff00f4 3 bytes JMP 70cf000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076ff00f8 2 bytes JMP 70cf000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076ff03f8 3 bytes JMP 70ba000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076ff03fc 2 bytes JMP 70ba000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076ff0410 3 bytes JMP 70ff000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076ff0414 2 bytes JMP 70ff000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076ff0590 3 bytes JMP 7102000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076ff0594 2 bytes JMP 7102000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076ff06d4 3 bytes JMP 70de000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076ff06d8 2 bytes JMP 70de000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076ff0734 3 bytes JMP 70f6000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076ff0738 2 bytes JMP 70f6000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ff07dc 3 bytes JMP 70fc000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076ff07e0 2 bytes JMP 70fc000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076ff0824 3 bytes JMP 70f0000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076ff0828 2 bytes JMP 70f0000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076ff08b4 3 bytes JMP 70f3000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076ff08b8 2 bytes JMP 70f3000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076ff08cc 3 bytes JMP 70c6000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076ff08d0 2 bytes JMP 70c6000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ff08e4 3 bytes JMP 70bd000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076ff08e8 2 bytes JMP 70bd000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ff0e34 3 bytes JMP 70db000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076ff0e38 2 bytes JMP 70db000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076ff0f18 3 bytes JMP 70c3000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076ff0f1c 2 bytes JMP 70c3000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ff1c24 3 bytes JMP 70d8000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076ff1c28 2 bytes JMP 70d8000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076ff1cf4 3 bytes JMP 70e7000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076ff1cf8 2 bytes JMP 70e7000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ff1dcc 3 bytes JMP 70e4000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076ff1dd0 2 bytes JMP 70e4000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077013b8c 6 bytes JMP 71a8000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076841efe 7 bytes JMP 000000016d133c50 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076845b9d 7 bytes JMP 000000016d134290 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768513f9 7 bytes JMP 000000016d133ea0 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076853bab 3 bytes JMP 719c000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076853baf 2 bytes JMP 719c000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076859aa4 6 bytes JMP 7186000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007685ea45 7 bytes JMP 000000016d133c40 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000076863b62 6 bytes JMP 717d000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007686ccd1 6 bytes JMP 7189000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000768bdc76 6 bytes JMP 7183000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000768bdd19 6 bytes JMP 7180000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768e8f4c 7 bytes JMP 000000016d1336c0 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768e8fd1 5 bytes JMP 000000016d133770 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768e9327 5 bytes JMP 000000016d1336d0 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000764ff784 6 bytes JMP 719f000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076501d29 5 bytes JMP 000000016d133680 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076501dd7 5 bytes JMP 000000016d133640 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076502ab1 5 bytes JMP 000000016d133780 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000076502ca4 4 bytes CALL 71ac0000 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076502d1d 5 bytes JMP 000000016d133480 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074c88332 6 bytes JMP 715c000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074c88bff 6 bytes JMP 7150000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000074c890d3 6 bytes JMP 710b000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074c89679 6 bytes JMP 714a000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000074c897d2 6 bytes JMP 7144000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000074c8ee09 6 bytes JMP 7162000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000074c8efc9 3 bytes JMP 7111000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000074c8efcd 2 bytes JMP 7111000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074c912a5 6 bytes JMP 7156000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000074c9291f 6 bytes JMP 7129000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetParent 0000000074c92d64 3 bytes JMP 7120000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074c92d68 2 bytes JMP 7120000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074c92da4 6 bytes JMP 7108000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074c93698 3 bytes JMP 711d000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000074c9369c 2 bytes JMP 711d000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074c93baa 6 bytes JMP 7159000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074c93c61 6 bytes JMP 7153000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c94572 5 bytes JMP 000000016d133400 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074c96110 6 bytes JMP 715f000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000074c9612e 6 bytes JMP 714d000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074c96c30 6 bytes JMP 710e000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074c97603 6 bytes JMP 7165000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074c97668 6 bytes JMP 7138000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000074c976e0 6 bytes JMP 713e000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000074c9781f 6 bytes JMP 7147000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000074c9835c 6 bytes JMP 7168000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074c9c4b6 3 bytes JMP 711a000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000074c9c4ba 2 bytes JMP 711a000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000074cac112 6 bytes JMP 7135000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000074cad0f5 6 bytes JMP 7132000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074cae567 5 bytes JMP 000000016d133470 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000074caeb96 6 bytes JMP 7126000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000074caec68 3 bytes JMP 712c000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000074caec6c 2 bytes JMP 712c000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendInput 0000000074caff4a 3 bytes JMP 712f000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000074caff4e 2 bytes JMP 712f000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074cc9f1d 6 bytes JMP 7114000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074cd07d7 5 bytes JMP 000000016d132960 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000074cd1497 6 bytes JMP 7105000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!mouse_event 0000000074ce027b 6 bytes JMP 716b000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!keybd_event 0000000074ce02bf 6 bytes JMP 716e000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000074ce6cfc 6 bytes JMP 7141000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000074ce6d5d 6 bytes JMP 713b000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074ce7a5c 5 bytes JMP 000000016d1333e0 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!BlockInput 0000000074ce7dd7 3 bytes JMP 7117000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000074ce7ddb 2 bytes JMP 7117000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000074ce88eb 3 bytes JMP 7123000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000074ce88ef 2 bytes JMP 7123000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076b358b3 6 bytes JMP 718c000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000076b35ea5 6 bytes JMP 717a000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076b37ba4 6 bytes JMP 7195000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000076b3b986 6 bytes JMP 718f000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000076b3ba5f 6 bytes JMP 7171000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000076b3cc01 6 bytes JMP 7177000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b3d2b4 5 bytes JMP 000000016d132c60 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b3d4ee 5 bytes JMP 000000016d132c70 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076b3ea03 6 bytes JMP 7192000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000076b64969 6 bytes JMP 7174000a .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075331401 2 bytes JMP 7686b21b C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075331419 2 bytes JMP 7686b346 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075331431 2 bytes JMP 768e8fd1 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007533144a 2 bytes CALL 7684489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753314dd 2 bytes JMP 768e88c4 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753314f5 2 bytes JMP 768e8aa0 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007533150d 2 bytes JMP 768e87ba C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075331525 2 bytes JMP 768e8b8a C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007533153d 2 bytes JMP 7685fca8 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075331555 2 bytes JMP 768668ef C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007533156d 2 bytes JMP 768e9089 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075331585 2 bytes JMP 768e8bea C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007533159d 2 bytes JMP 768e877e C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753315b5 2 bytes JMP 7685fd41 C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753315cd 2 bytes JMP 7686b2dc C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753316b2 2 bytes JMP 768e8f4c C:\Windows\syswow64\kernel32.dll .text E:\instalki\me9v4s41.exe[6612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753316bd 2 bytes JMP 768e8713 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1612] @ C:\Windows\system32\OLEACC.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\taskeng.exe[2928] @ C:\Windows\system32\taskeng.exe[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\taskeng.exe[2928] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\taskeng.exe[2928] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\Dwm.exe[2948] @ C:\Windows\system32\WindowsCodecs.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\Dwm.exe[2948] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3680] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\GWX\GWX.exe[4440] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1552] @ C:\Windows\system32\OLEACC.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] @ C:\Windows\system32\DSOUND.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] @ C:\Windows\System32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] @ C:\Windows\system32\AUDIOSES.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[6072] @ C:\Windows\system32\audioeng.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\system32\wbem\wbemprox.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\system32\wbemcomn.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\system32\wbem\fastprox.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\System32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Dell\QuickSet\quickset.exe[5188] @ C:\Windows\system32\AUDIOSES.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\WINDOWS\System32\igfxpers.exe[2656] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\WINDOWS\System32\igfxpers.exe[2656] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\WINDOWS\System32\igfxpers.exe[2656] @ C:\WINDOWS\System32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\system32\OLEACC.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\System32\msxml6.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\system32\wbem\wbemprox.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\system32\wbemcomn.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[6700] @ C:\Windows\system32\wbem\fastprox.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\taskmgr.exe[6988] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\taskmgr.exe[6988] @ C:\Windows\system32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\DellTPad\Apoint.exe[7036] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\DellTPad\Apoint.exe[7036] @ C:\Windows\system32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\DellTPad\Apoint.exe[7036] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[5224] @ C:\Windows\system32\wbemcomn.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[5224] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[5224] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[5224] @ C:\Windows\system32\wbem\fastprox.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\DellTPad\ApMsgFwd.exe[3476] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\DellTPad\HidFind.exe[5924] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\DellTPad\Apntex.exe[6536] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] @ C:\Windows\system32\mfc110u.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[5636] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] @ C:\Program Files\COMODO\GeekBuddy\QtCore4.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[7032] @ C:\Program Files\COMODO\GeekBuddy\QtGui4.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] @ C:\Program Files\COMODO\GeekBuddy\QtCore4.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] @ C:\Program Files\COMODO\GeekBuddy\QtGui4.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Program Files\COMODO\GeekBuddy\unit.exe[5884] @ C:\Windows\system32\PROPSYS.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[7888] @ C:\Windows\system32\wbemcomn.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[7888] @ C:\Windows\system32\OLEAUT32.dll[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[7888] @ C:\Windows\system32\CLBCatQ.DLL[ole32.dll!CoCreateInstance] [7fefef60000] IAT C:\Windows\system32\wbem\unsecapp.exe[7888] @ C:\Windows\system32\wbem\fastprox.dll[ole32.dll!CoCreateInstance] [7fefef60000] ---- Threads - GMER 2.1 ---- Thread [4956:4972] 0000000076e0a810 Thread [4956:6672] 0000000076e0f470 Thread [4956:8700] 0000000076e0f470 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{22AE6719-2793-49EC-A7B0-8DBB0E8A90EB}\Connection@Name isatap.{5F42633C-09AB-485D-B644-606D7CFAC856} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C5D62CEE-19AE-4EEB-A585-6E754A4CDAB2}\Connection@Name isatap.{87983A48-12C6-4035-B1F4-7B0FD64F5F03} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{DFBF0170-E618-4CB5-8FC8-E7B7AC412933}?\Device\{9BAC7FF0-2D00-4EA1-8487-5719A4AA69BF}?\Device\{15458BFF-8FE1-4934-ACAB-100BFBF2C088}?\Device\{22AE6719-2793-49EC-A7B0-8DBB0E8A90EB}?\Device\{C5D62CEE-19AE-4EEB-A585-6E754A4CDAB2}?\Device\{6C223763-CB6B-46C9-B213-A2E03EDC67B5}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{DFBF0170-E618-4CB5-8FC8-E7B7AC412933}"?"{9BAC7FF0-2D00-4EA1-8487-5719A4AA69BF}"?"{15458BFF-8FE1-4934-ACAB-100BFBF2C088}"?"{22AE6719-2793-49EC-A7B0-8DBB0E8A90EB}"?"{C5D62CEE-19AE-4EEB-A585-6E754A4CDAB2}"?"{6C223763-CB6B-46C9-B213-A2E03EDC67B5}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{DFBF0170-E618-4CB5-8FC8-E7B7AC412933}?\Device\TCPIP6TUNNEL_{9BAC7FF0-2D00-4EA1-8487-5719A4AA69BF}?\Device\TCPIP6TUNNEL_{15458BFF-8FE1-4934-ACAB-100BFBF2C088}?\Device\TCPIP6TUNNEL_{22AE6719-2793-49EC-A7B0-8DBB0E8A90EB}?\Device\TCPIP6TUNNEL_{C5D62CEE-19AE-4EEB-A585-6E754A4CDAB2}?\Device\TCPIP6TUNNEL_{6C223763-CB6B-46C9-B213-A2E03EDC67B5}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289e8debe Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{22AE6719-2793-49EC-A7B0-8DBB0E8A90EB}@InterfaceName isatap.{5F42633C-09AB-485D-B644-606D7CFAC856} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{22AE6719-2793-49EC-A7B0-8DBB0E8A90EB}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C5D62CEE-19AE-4EEB-A585-6E754A4CDAB2}@InterfaceName isatap.{87983A48-12C6-4035-B1F4-7B0FD64F5F03} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C5D62CEE-19AE-4EEB-A585-6E754A4CDAB2}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\ngvss\Parameters@asserts ?????g??????????megasas?????? ????????????????????????????&???}????????????????0????? ???????????????????????g?????????????e?????/?/?/???.?.?.???4???f?f?f?g?g?g?g?g???????????grv???????g???n?????e?????????????????g???????????????????????6????p179??? ???????5??????r5??? ???????????????????????????9??? ????????????????????????????&???w?????????????????????? ???????????????????????g?????????????e?????????&???????0???????????????????w??????????????????????????E????????????????????????g???????????????g?g?g?g?g?g?g?g???g?g?g?g?gme????N??????0??????????eM???????????d??????? ???????????????????'????????&???{?$???????????????????????? ??????????????????? ??????? ?????????????6????????V???%???????????????????8a??{4D36E97B-E325-11CE-BFC1-08002BE10318}????????V??????????????d??megasas.inf_amd64_neutral_395276dd9b7a7448??????? ??????? ?????????????6????????V???%???????????????????8_????N??????2????Db7a??{4D36E97B-E325-11CE-BFC1-08002BE10318}??V?????V?????????????????megasas.inf_amd64_neutral_395276dd9b7a7448?-BF??? ????? Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 21745 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10186 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289e8debe (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\ngvss\Parameters@asserts ?????????????????????????????????0??????????? ????????????????????????V?????????&???????????????????????? ???????????????????????????????????????6??? ????????????????????????????????????????bAE6??? ??????????????????????????????????+??????????????????????07C????????????????46E1??? ????????????????????????V?????????&????????????????????4????????????????E4-A??? ??????????????????????????????????????????? ??????????????????????????????????????????? ???????????????????????????????????????0??? ???f???F??????d???? ????????????????????????????????????????bDE3??? ??????????????????????????????????+??????????????????????07-????????????????????????3A8-4FE4??? ?????????????????????,????????????&???????????????????????? ?????????????????????,????????????&????????????????????v??? ???j???8??????dF????????????????pip6??? ???????????????????s?0????????B???????????? ?????????????????????0??????????????????????????????????????????????????????????RS\Rt64w??????????????????LocalSystem?ne???????????.??????????????????? ???????t? Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----