GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-03-04 21:54:02 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3750640NS rev.3CNR 698,64GB Running: e8i0piq6.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwniypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007779ff60 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a0160 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007779ff60 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a0160 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\services.exe[628] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\services.exe[628] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff305720 6 bytes JMP 0 .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077657640 6 bytes {JMP QWORD [RIP+0x8de89f0]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077659554 6 bytes {JMP QWORD [RIP+0x8ec6adc]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetParent 0000000077659870 6 bytes {JMP QWORD [RIP+0x8e067c0]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetWindowLongA 000000007765c044 6 bytes {JMP QWORD [RIP+0x8b63fec]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!PostMessageA 000000007765ca54 6 bytes {JMP QWORD [RIP+0x8ba35dc]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!EnableWindow 000000007765d0f0 6 bytes {JMP QWORD [RIP+0x8f02f40]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!MoveWindow 000000007765d120 6 bytes {JMP QWORD [RIP+0x8e22f10]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007765f0c4 6 bytes {JMP QWORD [RIP+0x8dc0f6c]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007765f690 6 bytes {JMP QWORD [RIP+0x8ea09a0]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007765fc50 6 bytes {JMP QWORD [RIP+0x8be03e0]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendMessageA 000000007765fcd8 6 bytes {JMP QWORD [RIP+0x8c20358]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendNotifyMessageW 00000000776603f0 6 bytes {JMP QWORD [RIP+0x8cffc40]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000077661f30 6 bytes {JMP QWORD [RIP+0x8ede100]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000077662294 6 bytes {JMP QWORD [RIP+0x8b1dd9c]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077663464 6 bytes {JMP QWORD [RIP+0x8bfcbcc]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077665c34 6 bytes {JMP QWORD [RIP+0x8b7a3fc]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 00000000776671e9 5 bytes {JMP QWORD [RIP+0x8b38e48]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!GetKeyState 00000000776678c0 6 bytes {JMP QWORD [RIP+0x8d98770]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077668e28 6 bytes {JMP QWORD [RIP+0x8cb7208]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000077668f9c 6 bytes {JMP QWORD [RIP+0x8c77094]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!PostMessageW 00000000776692d4 6 bytes {JMP QWORD [RIP+0x8bb6d5c]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendMessageW 000000007766a800 6 bytes {JMP QWORD [RIP+0x8c35830]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000077670bf8 6 bytes {JMP QWORD [RIP+0x8d2f438]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!GetClipboardData 0000000077671584 6 bytes {JMP QWORD [RIP+0x8e6eaac]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000077672360 6 bytes {JMP QWORD [RIP+0x8e2dcd0]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000077675508 6 bytes {JMP QWORD [RIP+0x8ccab28]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!mouse_event 00000000776762c4 6 bytes {JMP QWORD [RIP+0x8ac9d6c]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000776791a0 6 bytes {JMP QWORD [RIP+0x8d66e90]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000776792e0 6 bytes {JMP QWORD [RIP+0x8c46d50]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077679320 6 bytes {JMP QWORD [RIP+0x8ae6d10]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendInput 00000000776793d0 6 bytes {JMP QWORD [RIP+0x8d46c60]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!BlockInput 000000007767b430 6 bytes {JMP QWORD [RIP+0x8e44c00]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000776a16e0 6 bytes {JMP QWORD [RIP+0x8ede950]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!keybd_event 00000000776c4474 6 bytes {JMP QWORD [RIP+0x8a5bbbc]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000776ccc58 6 bytes {JMP QWORD [RIP+0x8cb33d8]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000776cdec8 6 bytes {JMP QWORD [RIP+0x8c32168]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\services.exe[628] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes JMP 23e2173 .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP ff3b7048 .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\lsass.exe[644] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\lsm.exe[652] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0x11da98]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff305720 6 bytes JMP 7913 .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes JMP c120f01 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP d155ac84 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[860] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL ffff0000 .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\nvvsvc.exe[880] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff305720 6 bytes {JMP QWORD [RIP+0x10a910]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[940] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[516] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes JMP 0 .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\System32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\System32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes JMP e6ede815 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes JMP 1f6de8cc .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes JMP 530041 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes JMP 8fffdf8 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes JMP e8c8 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes JMP 8df87a1 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes JMP 8f78851 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes JMP e86de89b .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes JMP 8effc38 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes JMP 8f79c41 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes JMP 90947d1 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes JMP 8f7c059 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes JMP 232080 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes JMP 4c0041 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes JMP 8dfaa59 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes JMP 927ff60 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes JMP 8dfaa59 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes JMP a7d4b064 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes JMP b4280 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes JMP 9093b71 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes JMP 8f9f3a8 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes JMP 9d480 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes JMP 8f8faf0 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes JMP 8f297a0 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes JMP 7d7fe865 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes JMP 7b6be8b9 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\System32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\System32\svchost.exe[1036] C:\Windows\System32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff305720 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 10c3c8 .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefe309870 5 bytes [FF, 25, C0, 67, D4] .text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefe51cd60 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\MSIMG32.dll!AlphaBlend 000007fef9e01180 6 bytes {JMP QWORD [RIP+0x4eeb0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\system32\MSIMG32.dll!TransparentBlt 000007fef9e01350 6 bytes {JMP QWORD [RIP+0x2ece0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\MSIMG32.dll!AlphaBlend 000007fef9e01180 6 bytes {JMP QWORD [RIP+0x44eeb0]} .text C:\Windows\system32\nvvsvc.exe[1404] C:\Windows\system32\MSIMG32.dll!TransparentBlt 000007fef9e01350 6 bytes {JMP QWORD [RIP+0x42ece0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\Dwm.exe[1608] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL ffff0000 .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 746e495c .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes JMP fffff900 .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefe309870 5 bytes [FF, 25, C0, 67, D7] .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefe51cd60 6 bytes {JMP QWORD [RIP+0xb432d0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\Explorer.EXE[1624] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes JMP 4e40c3b .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x49de04]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x4bdc18]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x4d8c80]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0x457dd8]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x437cb8]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x4769cc]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x5144ec]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4f23b8]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\System32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\System32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff305720 6 bytes {JMP QWORD [RIP+0x10a910]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[1736] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f996b8 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007619daf5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[1924] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP 0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes JMP 0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes JMP 0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1968] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 2E] .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes JMP 0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x49de04]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x4bdc18]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x4d8c80]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0x457dd8]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes JMP 0 .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x4769cc]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x5144ec]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4f23b8]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\MSIMG32.dll!AlphaBlend 000007fef9e01180 6 bytes {JMP QWORD [RIP+0x4eeb0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\MSIMG32.dll!TransparentBlt 000007fef9e01350 6 bytes {JMP QWORD [RIP+0x2ece0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[1136] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 10] .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 14] .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x49de04]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x4bdc18]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x4d8c80]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes JMP 439c80 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 21305a35 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x5144ec]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4f23b8]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[1528] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 0 .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 71701aa .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\taskhost.exe[1680] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 10] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 14] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 746e495c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\MSIMG32.dll!AlphaBlend 000007fef9e01180 6 bytes {JMP QWORD [RIP+0x4eeb0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\MSIMG32.dll!TransparentBlt 000007fef9e01350 6 bytes {JMP QWORD [RIP+0x2ece0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2208] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70fa000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70fa000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d6000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d6000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70eb000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70eb000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70d0000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70d0000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70bb000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 7100000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 7100000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70df000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70df000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f7000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f7000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70fd000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70f1000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70f1000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70f4000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70f4000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c7000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70be000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70be000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 715d000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 7151000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 714b000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 7145000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 7112000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 7112000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 7163000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7157000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 710c000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 710c000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 712a000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 711e000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 711e000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 715a000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 7154000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 7121000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 7121000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7109000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7127000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 712d000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 712d000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7169000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 711b000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 711b000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7136000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7166000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 713f000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 7133000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 714e000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 7160000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7148000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 710f000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7139000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 7130000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 7130000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 7115000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7106000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 716c000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 716f000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 7142000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 713c000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7118000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7118000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 7124000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 7124000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 7172000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7178000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 7175000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f996b8 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007619daf5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[2452] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 7100000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 7100000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70df000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70df000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70be000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70be000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 715d000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 7151000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 714b000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 7145000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 7112000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 7112000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 7163000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7157000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 710c000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 710c000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 712a000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 711e000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 715a000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 7154000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 7121000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 7121000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7109000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7127000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 712d000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 712d000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7169000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 711b000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7136000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7166000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 713f000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 7133000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 714e000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 7160000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7148000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 710f000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7139000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 7130000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 7130000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 7115000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7106000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 716f000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 7142000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 713c000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7118000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7118000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 7124000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 7124000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 7172000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7178000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 7175000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f996b8 6 bytes JMP 70b5000a .text C:\Program Files (x86)\Stout International\Stout International.exe[2484] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007619daf5 6 bytes JMP 70b8000a .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes JMP 6f0070 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes JMP 6f0142 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes JMP 7d0000 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes JMP 650074 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes JMP 650069 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes JMP 750068 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 10] .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 14] .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x4bdc18]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes JMP 42002d .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x5144ec]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes JMP 4f23b8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Program Files\COMODO\GeekBuddy\unit.exe[2564] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 690046 .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[2884] C:\Windows\System32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\System32\svchost.exe[2884] C:\Windows\System32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes JMP 0 .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes JMP 45dc28 .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes JMP 0 .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\SearchIndexer.exe[3156] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[3544] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes CALL 9b30000 .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes JMP 3e0022 .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes JMP e01000f .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\svchost.exe[3744] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes JMP ffcc0000 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes JMP 203e30 .text C:\Windows\System32\svchost.exe[3872] C:\Windows\System32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\System32\svchost.exe[3872] C:\Windows\System32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777a0030 8 bytes JMP 000000016fff0148 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 8 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f996b8 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4480] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007619daf5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f996b8 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007619daf5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077772fd0 6 bytes {JMP QWORD [RIP+0x88cd060]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007779ffa0 6 bytes {JMP QWORD [RIP+0x8880090]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777a0070 6 bytes {JMP QWORD [RIP+0x90bffc0]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a0170 6 bytes {JMP QWORD [RIP+0x8f5fec0]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777a01e0 6 bytes {JMP QWORD [RIP+0x903fe50]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a0220 6 bytes {JMP QWORD [RIP+0x8fffe10]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777a02c0 6 bytes {JMP QWORD [RIP+0x905fd70]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a0330 6 bytes {JMP QWORD [RIP+0x8e5fd00]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a0350 6 bytes {JMP QWORD [RIP+0x8fdfce0]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a0390 6 bytes {JMP QWORD [RIP+0x8edfca0]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a03e0 6 bytes {JMP QWORD [RIP+0x8effc50]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777a0400 6 bytes {JMP QWORD [RIP+0x901fc30]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777a05f0 6 bytes {JMP QWORD [RIP+0x90ffa40]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777a0600 6 bytes {JMP QWORD [RIP+0x8e1fa30]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a0700 6 bytes {JMP QWORD [RIP+0x8dff930]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777a07d0 6 bytes {JMP QWORD [RIP+0x8f7f860]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a0810 6 bytes {JMP QWORD [RIP+0x8e7f820]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a0880 6 bytes {JMP QWORD [RIP+0x8e3f7b0]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777a08b0 6 bytes {JMP QWORD [RIP+0x8ebf780]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a0910 6 bytes {JMP QWORD [RIP+0x8e9f720]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777a0920 6 bytes {JMP QWORD [RIP+0x907f710]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a0930 6 bytes {JMP QWORD [RIP+0x90df700]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a0ca0 6 bytes {JMP QWORD [RIP+0x8f9f390]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777a0d30 6 bytes {JMP QWORD [RIP+0x909f300]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a15a0 6 bytes {JMP QWORD [RIP+0x8fbea90]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a1620 6 bytes {JMP QWORD [RIP+0x8f1ea10]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a16a0 6 bytes {JMP QWORD [RIP+0x8f3e990]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077543900 6 bytes {JMP QWORD [RIP+0x8bbc730]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007754a600 6 bytes {JMP QWORD [RIP+0x8b15a30]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000775bf5e0 6 bytes {JMP QWORD [RIP+0x8ae0a50]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000775bf610 6 bytes {JMP QWORD [RIP+0x8b20a20]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000775bf7e0 6 bytes {JMP QWORD [RIP+0x8ac0850]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000775c55b0 6 bytes {JMP QWORD [RIP+0x8afaa80]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 408 000007fefda1a4c8 3 bytes [42, 5B, 06] .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda24920 5 bytes [FF, 25, 10, B7, 0A] .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff67222c 6 bytes {JMP QWORD [RIP+0x43de04]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!BitBlt 000007feff672418 6 bytes {JMP QWORD [RIP+0x45dc18]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff6773b0 6 bytes {JMP QWORD [RIP+0x478c80]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff678258 6 bytes {JMP QWORD [RIP+0xa7dd8]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff678378 6 bytes {JMP QWORD [RIP+0x87cb8]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!GetPixel 000007feff679664 6 bytes {JMP QWORD [RIP+0x3e69cc]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff67bb44 6 bytes {JMP QWORD [RIP+0x4b44ec]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff67dc78 6 bytes {JMP QWORD [RIP+0x4923b8]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8887a0 6 bytes {JMP QWORD [RIP+0x207890]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\fltlib.dll!FilterConnectCommunicationPort 000007fefd412370 6 bytes {JMP QWORD [RIP+0x3dcc0]} .text C:\Windows\system32\taskeng.exe[1308] C:\Windows\system32\fltlib.dll!FilterSendMessage 000007fefd412598 6 bytes {JMP QWORD [RIP+0xfda98]} .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007794f980 3 bytes JMP 71af000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007794f984 2 bytes JMP 71af000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007794fac8 3 bytes JMP 70c1000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007794facc 2 bytes JMP 70c1000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007794fc50 3 bytes JMP 70e2000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007794fc54 2 bytes JMP 70e2000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007794fd04 3 bytes JMP 70cd000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007794fd08 2 bytes JMP 70cd000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007794fd68 3 bytes JMP 70d3000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007794fd6c 2 bytes JMP 70d3000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007794fe60 3 bytes JMP 70ca000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007794fe64 2 bytes JMP 70ca000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007794ff14 3 bytes JMP 70fa000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007794ff18 2 bytes JMP 70fa000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007794ff44 3 bytes JMP 70d6000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007794ff48 2 bytes JMP 70d6000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007794ffa4 3 bytes JMP 70ee000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 000000007794ffa8 2 bytes JMP 70ee000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077950024 3 bytes JMP 70eb000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077950028 2 bytes JMP 70eb000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077950054 3 bytes JMP 70d0000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077950058 2 bytes JMP 70d0000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077950358 3 bytes JMP 70bb000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 000000007795035c 2 bytes JMP 70bb000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077950370 3 bytes JMP 7100000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077950374 2 bytes JMP 7100000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779504f0 3 bytes JMP 7103000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000779504f4 2 bytes JMP 7103000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077950634 3 bytes JMP 70df000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077950638 2 bytes JMP 70df000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077950694 3 bytes JMP 70f7000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077950698 2 bytes JMP 70f7000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007795073c 3 bytes JMP 70fd000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077950740 2 bytes JMP 70fd000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077950784 3 bytes JMP 70f1000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077950788 2 bytes JMP 70f1000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077950814 3 bytes JMP 70f4000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077950818 2 bytes JMP 70f4000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007795082c 3 bytes JMP 70c7000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077950830 2 bytes JMP 70c7000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077950844 3 bytes JMP 70be000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077950848 2 bytes JMP 70be000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077950d94 3 bytes JMP 70dc000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077950d98 2 bytes JMP 70dc000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077950e78 3 bytes JMP 70c4000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077950e7c 2 bytes JMP 70c4000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077951b84 3 bytes JMP 70d9000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077951b88 2 bytes JMP 70d9000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077951c54 3 bytes JMP 70e8000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077951c58 2 bytes JMP 70e8000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077951d2c 3 bytes JMP 70e5000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077951d30 2 bytes JMP 70e5000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077971067 6 bytes JMP 71a8000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075d9117b 3 bytes JMP 719c000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075d9117f 2 bytes JMP 719c000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075d99899 6 bytes JMP 7187000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075da4042 6 bytes JMP 717e000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dabe95 6 bytes JMP 718a000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075dfd9de 6 bytes JMP 7184000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075dfda81 3 bytes JMP 7181000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 0000000075dfda85 2 bytes JMP 7181000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076d5eae7 6 bytes JMP 719f000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 372 0000000076d61d26 4 bytes CALL 71ac0000 .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000077078b7c 6 bytes JMP 715d000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000077078e6e 6 bytes JMP 7151000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendMessageW 000000007707cd35 6 bytes JMP 714b000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 000000007707d0da 6 bytes JMP 7145000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007707d277 3 bytes JMP 7112000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007707d27b 2 bytes JMP 7112000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007707f0e6 6 bytes JMP 7163000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000077080f14 6 bytes JMP 7157000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000077080f9f 3 bytes JMP 710c000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW + 4 0000000077080fa3 2 bytes JMP 710c000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000077082902 6 bytes JMP 712a000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000770835fb 3 bytes JMP 711e000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000770835ff 2 bytes JMP 711e000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077083cbf 6 bytes JMP 715a000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077083d76 6 bytes JMP 7154000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetParent 0000000077083f14 3 bytes JMP 7121000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077083f18 2 bytes JMP 7121000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077083f54 6 bytes JMP 7109000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000077084858 6 bytes JMP 7127000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007708492a 3 bytes JMP 712d000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007708492e 2 bytes JMP 712d000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000077088364 6 bytes JMP 7169000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007708b7e6 3 bytes JMP 711b000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007708b7ea 2 bytes JMP 711b000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007708c991 6 bytes JMP 7136000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770906b3 6 bytes JMP 7166000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 000000007709090f 6 bytes JMP 713f000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000077092959 6 bytes JMP 7133000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007709eef4 6 bytes JMP 714e000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SetWindowLongA 000000007709ef4a 6 bytes JMP 7160000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007709f422 6 bytes JMP 7148000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 000000007709f9b0 6 bytes JMP 710f000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000770a0f60 6 bytes JMP 7139000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendInput 00000000770a195e 3 bytes JMP 7130000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000770a1962 2 bytes JMP 7130000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000770b9f3b 6 bytes JMP 7115000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000770c15ef 6 bytes JMP 7106000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!mouse_event 00000000770d040b 6 bytes JMP 716c000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!keybd_event 00000000770d044f 6 bytes JMP 716f000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000770d6e8c 6 bytes JMP 7142000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000770d6eed 6 bytes JMP 713c000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!BlockInput 00000000770d7f67 3 bytes JMP 7118000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000770d7f6b 2 bytes JMP 7118000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000770d8a7b 3 bytes JMP 7124000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000770d8a7f 2 bytes JMP 7124000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075c85876 6 bytes JMP 718d000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075c85ea6 6 bytes JMP 717b000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075c895f4 6 bytes JMP 7196000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075c8b8d0 6 bytes JMP 7190000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075c8ba55 6 bytes JMP 7172000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075c8c74f 6 bytes JMP 7178000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075c8e45d 6 bytes JMP 7193000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075cb4636 6 bytes JMP 7175000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000755557fc 6 bytes JMP 7199000a .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c41401 2 bytes JMP 75d9eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c41419 2 bytes JMP 75dab513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c41431 2 bytes JMP 75e28609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c4144a 2 bytes CALL 75d81dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c414dd 2 bytes JMP 75e27efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c414f5 2 bytes JMP 75e280d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c4150d 2 bytes JMP 75e27df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c41525 2 bytes JMP 75e281c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c4153d 2 bytes JMP 75d9f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c41555 2 bytes JMP 75dab885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c4156d 2 bytes JMP 75e286c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c41585 2 bytes JMP 75e28222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c4159d 2 bytes JMP 75e27db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c415b5 2 bytes JMP 75d9f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c415cd 2 bytes JMP 75dab29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c416b2 2 bytes JMP 75e28584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\e8i0piq6.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c416bd 2 bytes JMP 75e27d4d C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----