GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-03-27 21:50:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST500LT0 rev.0001 465,76GB
Running: gmer.exe; Driver: C:\Users\lenovo\AppData\Local\Temp\fxrirpoc.sys

---- User code sections - GMER 2.2 ----
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\ws2_32.dll!recv + 1 000007feff17df41 11 bytes [B8, D8, 4D, 02, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\ws2_32.dll!WSAConnect + 1 000007feff19e0f1 11 bytes [B8, 42, 4D, 02, 00, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc6456e0 12 bytes [48, B8, C6, 50, 02, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc65010c 12 bytes [48, B8, 30, 50, 02, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc66daa0 12 bytes [48, B8, 9A, 4F, 02, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff238c80 12 bytes [48, B8, 88, 52, 02, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe[4580] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff254001 11 bytes [B8, F2, 51, 02, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007779f9c8 5 bytes JMP 00000000000209ca .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007779fa80 5 bytes JMP 0000000000020722 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007779fbc8 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007779fc48 5 bytes JMP 0000000000020920 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007779fcc0 5 bytes JMP 0000000000020414 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007779fcf0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007779fd20 5 bytes JMP 000000000002003a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007779fd50 5 bytes JMP 0000000000020656 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007779fe68 5 bytes JMP 00000000000209a8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007779feb4 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] 
C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007779fee4 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007779ff60 5 bytes JMP 0000000000020832 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007779ffc4 5 bytes JMP 0000000000020436 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777a0044 5 bytes JMP 00000000000209ec .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777a008c 5 bytes JMP 000000000002038c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777a00a4 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777a0154 5 bytes JMP 000000000002014a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777a0264 5 bytes JMP 00000000000201d2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777a083c 5 bytes JMP 0000000000020986 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777a08b4 5 bytes JMP 000000000002036a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777a0944 5 bytes JMP 0000000000020326 .text C:\Program 
Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777a0e94 5 bytes JMP 0000000000020744 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777a1160 5 bytes JMP 00000000000208fe .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777a16a4 5 bytes JMP 0000000000020612 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777a19c0 5 bytes JMP 00000000000203f2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777a1c84 5 bytes JMP 0000000000020766 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777a1df4 5 bytes JMP 000000000002049c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777a1e10 5 bytes JMP 000000000002047a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777a1e2c 5 bytes JMP 0000000000020a0e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777a1f88 5 bytes JMP 0000000000020964 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777b2a64 5 bytes JMP 00000000000200e4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] 
C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777b8fe1 5 bytes JMP 0000000000020942 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!RtlSetEnvironmentVariable 00000000777c59a0 5 bytes JMP 0000000000020854 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000777e10bb 5 bytes JMP 000000000002018e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077829577 5 bytes JMP 0000000000020634 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007782f80f 5 bytes JMP 000000000002016c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 0000000076ec0e00 5 bytes JMP 0000000000020106 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000076ec1072 5 bytes JMP 00000000000202e2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000076ec499f 5 bytes JMP 000000000002025a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076ed3bbb 5 bytes JMP 00000000000203ae .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000076ed9abc 5 bytes JMP 0000000000020810 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 0000000076ed9b1d 
5 bytes JMP 00000000000207cc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 0000000076ee733f 5 bytes JMP 000000000002027c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 0000000076ee88f2 5 bytes JMP 0000000000020700 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 0000000076eeccc1 5 bytes JMP 00000000000207aa .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 0000000076eecce1 5 bytes JMP 00000000000207ee .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000076f431a9 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 0000000076f67603 5 bytes JMP 000000000002058a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 0000000076f67626 5 bytes JMP 00000000000205ac .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 0000000076f679d1 5 bytes JMP 00000000000205ce .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 0000000076f67a4a 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076d18f85 5 bytes JMP 00000000000200c2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000076d1c538 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000076d1edb9 5 bytes JMP 0000000000020502 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000076d1f319 5 bytes JMP 00000000000201f4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000076d1fb9c 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000076d1fcca 5 bytes JMP 0000000000020788 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076d2146c 5 bytes JMP 0000000000020546 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076d21493 5 bytes JMP 0000000000020524 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d21e3d 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076d21f29 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d22bcd 5 bytes JMP 00000000000206bc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076d22e41 5 bytes JMP 000000000002069a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d22e7f 5 bytes JMP 00000000000206de .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076d22fe2 5 bytes JMP 000000000002007e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000076d2396b 5 bytes JMP 00000000000204be .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076d23cd8 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076d245fe 5 bytes JMP 0000000000020216 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000076d24770 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076d24799 5 bytes JMP 0000000000020304 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000076d2a37a 5 bytes JMP 0000000000020898 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000076d2a589 5 bytes JMP 00000000000208ba .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000076d2a663 5 bytes JMP 0000000000020876 .text 
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000076d2c8a8 5 bytes JMP 000000000002029e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000076d2e414 5 bytes JMP 00000000000208dc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076b48e91 5 bytes JMP 0000000000020c72 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076b49181 5 bytes JMP 0000000000020c2e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076b4918e 5 bytes JMP 0000000000020cd8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076b4c4da 5 bytes JMP 0000000000020d3e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076b4c9f4 5 bytes JMP 0000000000020ada .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076b4debc 5 bytes JMP 0000000000020c50 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076b4dede 5 bytes JMP 0000000000020d1c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076b4def6 5 bytes JMP 0000000000020cb6 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076b4df26 5 bytes JMP 0000000000020cfa .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076b52b58 5 bytes JMP 0000000000020ab8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076b53604 5 bytes JMP 0000000000020bc8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076b54959 5 bytes JMP 0000000000020a30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076b67154 5 bytes JMP 0000000000020c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076b6716c 5 bytes JMP 0000000000020b40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076b67184 5 bytes JMP 0000000000020b62 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076b677cb 5 bytes JMP 0000000000020c94 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076b8338c 5 bytes JMP 0000000000020b84 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076b8339c 5 bytes JMP 0000000000020ba6 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] 
C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076b833ac 5 bytes JMP 0000000000020afc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076b833bc 5 bytes JMP 0000000000020b1e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076b833fc 5 bytes JMP 0000000000020bea .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007564a472 5 bytes JMP 0000000000020a52 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000756527ce 5 bytes JMP 0000000000020a96 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007565e6cf 5 bytes JMP 0000000000020a74 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076c9633b 5 bytes JMP 0000000000020d60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076cb8685 5 bytes JMP 000000000002115c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076cb86a4 5 bytes JMP 000000000002117e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076cc40e0 5 bytes JMP 00000000000211a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!GetWindowLongW 00000000751c7004 5 bytes JMP 00000000000210b2 .text 
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751c78f2 5 bytes JMP 0000000000020e2c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751c7be3 5 bytes JMP 0000000000020e0a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751c8a39 5 bytes JMP 0000000000020ed6 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000751c990d 5 bytes JMP 000000000002104c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000751cb6fd 5 bytes JMP 0000000000020d82 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!GetWindowLongA 00000000751cd166 5 bytes JMP 0000000000021090 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751cd23e 5 bytes JMP 0000000000020ef8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000751cee19 5 bytes JMP 0000000000020de8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000751cfff6 5 bytes JMP 0000000000021008 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000751d00e9 5 bytes JMP 000000000002102a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] 
C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000751d05ca 5 bytes JMP 0000000000020e70 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000751d0e0b 5 bytes JMP 0000000000020f1a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000751d12b5 5 bytes JMP 000000000002113a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000751d20fc 5 bytes JMP 0000000000020fe6 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000751d3bba 5 bytes JMP 0000000000021118 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000751d5f84 5 bytes JMP 0000000000020e4e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000751d6295 5 bytes JMP 0000000000020e92 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751d7613 5 bytes JMP 0000000000020dc6 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000751d7678 5 bytes JMP 00000000000210f6 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000751d7afe 5 bytes JMP 0000000000020fc4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751d836c 5 bytes JMP 0000000000020da4 .text C:\Program Files 
(x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000751ece64 5 bytes JMP 0000000000020f5e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000751ef54b 5 bytes JMP 0000000000020eb4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000751ef5a8 5 bytes JMP 000000000002106e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000751f10c0 5 bytes JMP 0000000000020f3c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007521fd9e 5 bytes JMP 0000000000020f80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007521fdc2 5 bytes JMP 0000000000020fa2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075226e25 5 bytes JMP 00000000000210d4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1188] C:\Windows\syswow64\shell32.dll!Shell_NotifyIconW 0000000075d201a9 5 bytes JMP 00000000000211e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007779f9c8 5 bytes JMP 00000000000209a8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007779fa80 5 bytes JMP 0000000000020700 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007779fbc8 5 bytes JMP 0000000000020656 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007779fc48 5 bytes JMP 00000000000208fe .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007779fcc0 5 bytes JMP 00000000000203f2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007779fcf0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007779fd20 5 bytes JMP 000000000002003a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007779fd50 5 bytes JMP 0000000000020634 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007779fe68 5 bytes JMP 0000000000020986 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007779feb4 5 bytes JMP 00000000000203ae .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007779fee4 5 bytes JMP 0000000000020436 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007779ff60 5 bytes JMP 0000000000020810 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007779ffc4 5 bytes JMP 0000000000020414 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777a0044 5 bytes JMP 00000000000209ca .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777a008c 5 bytes JMP 000000000002036a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777a00a4 5 bytes JMP 0000000000020326 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777a0154 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777a0264 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777a083c 5 bytes JMP 0000000000020964 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777a08b4 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777a0944 5 bytes JMP 0000000000020304 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777a0e94 5 bytes JMP 
0000000000020722 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777a1160 5 bytes JMP 00000000000208dc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777a16a4 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777a19c0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777a1c84 5 bytes JMP 0000000000020744 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777a1df4 5 bytes JMP 000000000002047a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777a1e10 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777a1e2c 5 bytes JMP 00000000000209ec .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777a1f88 5 bytes JMP 0000000000020942 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777b2a64 5 bytes JMP 00000000000200c2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] 
C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777b8fe1 5 bytes JMP 0000000000020920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!RtlSetEnvironmentVariable 00000000777c59a0 5 bytes JMP 0000000000020832 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000777e10bb 5 bytes JMP 000000000002016c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077829577 5 bytes JMP 0000000000020612 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007782f80f 5 bytes JMP 000000000002014a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076ec0e00 5 bytes JMP 00000000000200e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076ec1072 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076ec499f 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076ed3bbb 5 bytes JMP 000000000002038c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076ed9abc 5 bytes JMP 00000000000207ee .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076ed9b1d 5 bytes JMP 00000000000207aa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076ee733f 5 bytes JMP 000000000002025a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076ee88f2 5 bytes JMP 00000000000206de .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076eeccc1 5 bytes JMP 0000000000020788 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076eecce1 5 bytes JMP 00000000000207cc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076f431a9 5 bytes JMP 000000000002029e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076f67603 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076f67626 5 bytes JMP 000000000002058a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076f679d1 5 bytes JMP 00000000000205ac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076f67a4a 5 
bytes JMP 00000000000205ce .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076d18f85 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000076d1c538 5 bytes JMP 0000000000020546 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000076d1edb9 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000076d1f319 5 bytes JMP 00000000000201d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000076d1fb9c 5 bytes JMP 0000000000020106 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000076d1fcca 5 bytes JMP 0000000000020766 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076d2146c 5 bytes JMP 0000000000020524 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076d21493 5 bytes JMP 0000000000020502 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d21e3d 5 bytes JMP 000000000002007e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] 
C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076d21f29 5 bytes JMP 0000000000020216 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d22bcd 5 bytes JMP 000000000002069a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076d22e41 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d22e7f 5 bytes JMP 00000000000206bc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076d22fe2 5 bytes JMP 000000000002005c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000076d2396b 5 bytes JMP 000000000002049c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076d23cd8 5 bytes JMP 000000000002018e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076d245fe 5 bytes JMP 00000000000201f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000076d24770 5 bytes JMP 00000000000204be .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076d24799 5 bytes JMP 00000000000202e2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000076d2a37a 5 bytes JMP 0000000000020876 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000076d2a589 5 bytes JMP 0000000000020898 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000076d2a663 5 bytes JMP 0000000000020854 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000076d2c8a8 5 bytes JMP 000000000002027c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000076d2e414 5 bytes JMP 00000000000208ba .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007564a472 5 bytes JMP 0000000000020a0e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000756527ce 5 bytes JMP 0000000000020ab8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007565e6cf 5 bytes JMP 0000000000020a96 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076b48e91 5 bytes JMP 0000000000020c94 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076b49181 5 bytes JMP 0000000000020c50 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076b4918e 5 bytes JMP 0000000000020cfa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076b4c4da 5 bytes JMP 0000000000020d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076b4c9f4 5 bytes JMP 0000000000020afc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076b4debc 5 bytes JMP 0000000000020c72 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076b4dede 5 bytes JMP 0000000000020d3e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076b4def6 5 bytes JMP 0000000000020cd8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076b4df26 5 bytes JMP 0000000000020d1c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076b52b58 5 bytes JMP 0000000000020ada .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076b53604 5 bytes JMP 0000000000020bea .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 
0000000076b54959 5 bytes JMP 0000000000020a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076b67154 5 bytes JMP 0000000000020c2e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076b6716c 5 bytes JMP 0000000000020b62 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076b67184 5 bytes JMP 0000000000020b84 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076b677cb 5 bytes JMP 0000000000020cb6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076b8338c 5 bytes JMP 0000000000020ba6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076b8339c 5 bytes JMP 0000000000020bc8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076b833ac 5 bytes JMP 0000000000020b1e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076b833bc 5 bytes JMP 0000000000020b40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076b833fc 5 bytes JMP 0000000000020c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076c9633b 5 bytes JMP 0000000000020a52 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076cb8685 5 bytes JMP 000000000002113a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076cb86a4 5 bytes JMP 000000000002115c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076cc40e0 5 bytes JMP 000000000002117e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!GetWindowLongW 00000000751c7004 5 bytes JMP 0000000000021090 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751c78f2 5 bytes JMP 0000000000020e0a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751c7be3 5 bytes JMP 0000000000020de8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751c8a39 5 bytes JMP 0000000000020eb4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000751c990d 5 bytes JMP 000000000002102a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000751cb6fd 5 bytes JMP 0000000000020a74 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!GetWindowLongA 00000000751cd166 5 bytes JMP 000000000002106e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751cd23e 5 bytes JMP 0000000000020ed6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000751cee19 5 bytes JMP 0000000000020dc6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000751cfff6 5 bytes JMP 0000000000020fe6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000751d00e9 5 bytes JMP 0000000000021008 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000751d05ca 5 bytes JMP 0000000000020e4e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000751d0e0b 5 bytes JMP 0000000000020ef8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000751d12b5 5 bytes JMP 0000000000021118 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000751d20fc 5 bytes JMP 0000000000020fc4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000751d3bba 5 bytes JMP 00000000000210f6 .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000751d5f84 5 bytes JMP 0000000000020e2c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000751d6295 5 bytes JMP 0000000000020e70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751d7613 5 bytes JMP 0000000000020da4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000751d7678 5 bytes JMP 00000000000210d4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000751d7afe 5 bytes JMP 0000000000020fa2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751d836c 5 bytes JMP 0000000000020d82 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000751ece64 5 bytes JMP 0000000000020f3c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000751ef54b 5 bytes JMP 0000000000020e92 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000751ef5a8 5 bytes JMP 000000000002104c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] 
C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000751f10c0 5 bytes JMP 0000000000020f1a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007521fd9e 5 bytes JMP 0000000000020f5e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007521fdc2 5 bytes JMP 0000000000020f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4516] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075226e25 5 bytes JMP 00000000000210b2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007779f9c8 5 bytes JMP 00000000000209a8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007779fa80 5 bytes JMP 0000000000020700 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007779fbc8 5 bytes JMP 0000000000020656 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007779fc48 5 bytes JMP 00000000000208fe .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007779fcc0 5 bytes JMP 00000000000203f2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007779fcf0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007779fd20 5 bytes JMP 
000000000002003a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007779fd50 5 bytes JMP 0000000000020634 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007779fe68 5 bytes JMP 0000000000020986 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007779feb4 5 bytes JMP 00000000000203ae .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007779fee4 5 bytes JMP 0000000000020436 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007779ff60 5 bytes JMP 0000000000020810 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007779ffc4 5 bytes JMP 0000000000020414 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777a0044 5 bytes JMP 00000000000209ca .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777a008c 5 bytes JMP 000000000002036a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777a00a4 5 bytes JMP 0000000000020326 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777a0154 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 
00000000777a0264 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777a083c 5 bytes JMP 0000000000020964 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777a08b4 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777a0944 5 bytes JMP 0000000000020304 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777a0e94 5 bytes JMP 0000000000020722 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777a1160 5 bytes JMP 00000000000208dc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777a16a4 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777a19c0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777a1c84 5 bytes JMP 0000000000020744 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777a1df4 5 bytes JMP 000000000002047a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777a1e10 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] 
C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777a1e2c 5 bytes JMP 00000000000209ec .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777a1f88 5 bytes JMP 0000000000020942 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777b2a64 5 bytes JMP 00000000000200c2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777b8fe1 5 bytes JMP 0000000000020920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!RtlSetEnvironmentVariable 00000000777c59a0 5 bytes JMP 0000000000020832 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000777e10bb 5 bytes JMP 000000000002016c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077829577 5 bytes JMP 0000000000020612 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007782f80f 5 bytes JMP 000000000002014a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076ec0e00 5 bytes JMP 00000000000200e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076ec1072 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076ec499f 5 bytes JMP 0000000000020238 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076ed3bbb 5 bytes JMP 000000000002038c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076ed9abc 5 bytes JMP 00000000000207ee .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076ed9b1d 5 bytes JMP 00000000000207aa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076ee733f 5 bytes JMP 000000000002025a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076ee88f2 5 bytes JMP 00000000000206de .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076eeccc1 5 bytes JMP 0000000000020788 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076eecce1 5 bytes JMP 00000000000207cc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076f431a9 5 bytes JMP 000000000002029e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076f67603 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076f67626 5 bytes JMP 000000000002058a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 
0000000076f679d1 5 bytes JMP 00000000000205ac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076f67a4a 5 bytes JMP 00000000000205ce .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076d18f85 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000076d1c538 5 bytes JMP 0000000000020546 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000076d1edb9 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000076d1f319 5 bytes JMP 00000000000201d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000076d1fb9c 5 bytes JMP 0000000000020106 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000076d1fcca 5 bytes JMP 0000000000020766 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076d2146c 5 bytes JMP 0000000000020524 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076d21493 5 bytes JMP 0000000000020502 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d21e3d 5 bytes JMP 000000000002007e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076d21f29 5 bytes JMP 0000000000020216 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d22bcd 5 bytes JMP 000000000002069a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076d22e41 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d22e7f 5 bytes JMP 00000000000206bc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076d22fe2 5 bytes JMP 000000000002005c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000076d2396b 5 bytes JMP 000000000002049c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076d23cd8 5 bytes JMP 000000000002018e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076d245fe 5 bytes JMP 00000000000201f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000076d24770 5 bytes JMP 00000000000204be .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076d24799 5 bytes JMP 00000000000202e2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000076d2a37a 5 bytes JMP 0000000000020876 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000076d2a589 5 bytes JMP 0000000000020898 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000076d2a663 5 bytes JMP 0000000000020854 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000076d2c8a8 5 bytes JMP 000000000002027c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000076d2e414 5 bytes JMP 00000000000208ba .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007564a472 5 bytes JMP 0000000000020a0e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000756527ce 5 bytes JMP 0000000000020afc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007565e6cf 5 bytes JMP 0000000000020ada .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076b48e91 5 bytes JMP 0000000000020cd8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076b49181 5 bytes JMP 0000000000020c94 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076b4918e 5 bytes JMP 0000000000020d3e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076b4c4da 5 bytes JMP 
0000000000020da4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076b4c9f4 5 bytes JMP 0000000000020b40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076b4debc 5 bytes JMP 0000000000020cb6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076b4dede 5 bytes JMP 0000000000020d82 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076b4def6 5 bytes JMP 0000000000020d1c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076b4df26 5 bytes JMP 0000000000020d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076b52b58 5 bytes JMP 0000000000020b1e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076b53604 5 bytes JMP 0000000000020c2e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076b54959 5 bytes JMP 0000000000020a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076b67154 5 bytes JMP 0000000000020c72 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076b6716c 5 bytes JMP 0000000000020ba6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] 
C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076b67184 5 bytes JMP 0000000000020bc8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076b677cb 5 bytes JMP 0000000000020cfa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076b8338c 5 bytes JMP 0000000000020bea .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076b8339c 5 bytes JMP 0000000000020c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076b833ac 5 bytes JMP 0000000000020b62 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076b833bc 5 bytes JMP 0000000000020b84 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076b833fc 5 bytes JMP 0000000000020c50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076c9633b 5 bytes JMP 0000000000020a52 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076cb8685 5 bytes JMP 000000000002117e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076cb86a4 5 bytes JMP 00000000000211a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076cc40e0 5 bytes JMP 00000000000211c2 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!GetWindowLongW 00000000751c7004 5 bytes JMP 00000000000210d4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751c78f2 5 bytes JMP 0000000000020e4e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751c7be3 5 bytes JMP 0000000000020e2c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751c8a39 5 bytes JMP 0000000000020ef8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000751c990d 5 bytes JMP 000000000002106e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000751cb6fd 5 bytes JMP 0000000000020a74 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!GetWindowLongA 00000000751cd166 5 bytes JMP 00000000000210b2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751cd23e 5 bytes JMP 0000000000020f1a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000751cee19 5 bytes JMP 0000000000020e0a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000751cfff6 5 bytes JMP 000000000002102a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000751d00e9 5 bytes JMP 000000000002104c .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000751d05ca 5 bytes JMP 0000000000020e92 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000751d0e0b 5 bytes JMP 0000000000020f3c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000751d12b5 5 bytes JMP 000000000002115c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000751d20fc 5 bytes JMP 0000000000021008 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000751d3bba 5 bytes JMP 000000000002113a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000751d5f84 5 bytes JMP 0000000000020e70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000751d6295 5 bytes JMP 0000000000020eb4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751d7613 5 bytes JMP 0000000000020de8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000751d7678 5 bytes JMP 0000000000021118 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000751d7afe 5 bytes JMP 0000000000020fe6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751d836c 5 bytes JMP 
0000000000020dc6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 00000000751ece64 5 bytes JMP 0000000000020f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000751ef54b 5 bytes JMP 0000000000020ed6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000751ef5a8 5 bytes JMP 0000000000021090 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000751f10c0 5 bytes JMP 0000000000020f5e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007521fd9e 1 byte JMP 0000000000020fa2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 2 000000007521fda0 3 bytes {CALL QWORD [RCX]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007521fdc2 5 bytes JMP 0000000000020fc4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075226e25 5 bytes JMP 00000000000210f6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077223918 5 bytes JMP 00000000000212d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000077223cd3 5 bytes JMP 00000000000212b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] 
C:\Windows\syswow64\WS2_32.dll!socket 0000000077223eb8 5 bytes JMP 00000000000212f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077224406 5 bytes JMP 0000000000021206 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077224889 5 bytes JMP 000000000002124a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!recv 0000000077226b0e 5 bytes JMP 0000000000021338 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!connect 0000000077226bdd 5 bytes JMP 0000000000021228 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!send 0000000077226f01 5 bytes JMP 00000000000211e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077227089 5 bytes JMP 000000000002135a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007722cc3f 5 bytes JMP 0000000000021316 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007722d1ea 5 bytes JMP 000000000002126c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4532] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000077237673 5 bytes JMP 000000000002128e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007779f990 5 bytes JMP 0000000000020854 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007779f9c8 5 bytes JMP 00000000000209ca .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007779fa80 5 bytes JMP 0000000000020700 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007779fbc8 5 bytes JMP 0000000000020656 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 000000007779fc48 5 bytes JMP 0000000000020920 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007779fcc0 5 bytes JMP 00000000000203f2 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007779fcf0 5 bytes JMP 0000000000020018 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007779fd20 5 bytes JMP 000000000002003a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007779fd50 5 bytes JMP 0000000000020634 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007779fe68 5 bytes JMP 00000000000209a8 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007779feb4 5 bytes JMP 00000000000203ae .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007779fee4 5 bytes JMP 0000000000020436 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007779ff60 5 bytes JMP 0000000000020810 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007779ffc4 5 bytes JMP 0000000000020414 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777a0044 5 bytes JMP 00000000000209ec .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777a008c 5 bytes JMP 000000000002036a .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777a00a4 5 bytes JMP 0000000000020326 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777a0154 5 bytes JMP 0000000000020128 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777a0264 5 bytes JMP 00000000000201b0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777a083c 5 bytes JMP 0000000000020986 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777a08b4 5 bytes JMP 0000000000020348 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777a0944 5 bytes JMP 0000000000020304 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777a0e94 5 bytes JMP 0000000000020722 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777a1160 5 bytes JMP 00000000000208fe .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777a16a4 5 bytes JMP 00000000000205f0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777a19c0 5 bytes JMP 00000000000203d0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777a1c84 5 bytes JMP 0000000000020744 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777a1df4 5 bytes JMP 000000000002047a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777a1e10 5 bytes JMP 0000000000020458 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777a1e2c 5 bytes JMP 0000000000020a0e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 
00000000777a1f88 5 bytes JMP 0000000000020964 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777b2a64 5 bytes JMP 00000000000200c2 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777b8fe1 5 bytes JMP 0000000000020942 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!RtlSetEnvironmentVariable 00000000777c59a0 5 bytes JMP 0000000000020832 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000777e10bb 5 bytes JMP 000000000002016c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077829577 5 bytes JMP 0000000000020612 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007782f80f 5 bytes JMP 000000000002014a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076ec0e00 5 bytes JMP 00000000000200e4 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076ec1072 5 bytes JMP 00000000000202c0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076ec499f 5 bytes JMP 0000000000020238 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076ed3bbb 5 bytes JMP 000000000002038c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076ed9abc 5 bytes JMP 00000000000207ee .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076ed9b1d 5 bytes JMP 00000000000207aa .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076ee733f 5 bytes JMP 000000000002025a .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076ee88f2 5 bytes JMP 00000000000206de .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076eeccc1 5 bytes JMP 0000000000020788 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076eecce1 5 bytes JMP 00000000000207cc .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076f431a9 5 bytes JMP 000000000002029e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076f67603 5 bytes JMP 0000000000020568 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076f67626 5 bytes JMP 000000000002058a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076f679d1 5 bytes JMP 00000000000205ac .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076f67a4a 5 bytes JMP 00000000000205ce .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076d18f85 5 bytes JMP 00000000000200a0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000076d1c538 5 bytes JMP 0000000000020546 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000076d1edb9 5 bytes JMP 00000000000204e0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000076d1f319 5 bytes JMP 00000000000201d2 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000076d1fb9c 5 bytes JMP 0000000000020106 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000076d1fcca 5 bytes JMP 0000000000020766 .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076d2146c 5 bytes JMP 0000000000020524 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000076d21493 5 bytes JMP 0000000000020502 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d21e3d 5 bytes JMP 000000000002007e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076d21f29 5 bytes JMP 0000000000020216 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d22bcd 5 bytes JMP 000000000002069a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076d22e41 5 bytes JMP 0000000000020678 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d22e7f 5 bytes JMP 00000000000206bc .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076d22fe2 5 bytes JMP 000000000002005c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000076d2396b 5 bytes JMP 000000000002049c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076d23cd8 5 bytes JMP 000000000002018e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000076d245fe 5 bytes JMP 00000000000201f4 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000076d24770 5 bytes JMP 00000000000204be .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076d24799 5 bytes JMP 00000000000202e2 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000076d2a37a 5 bytes JMP 0000000000020898 .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000076d2a589 5 bytes JMP 00000000000208ba .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000076d2a663 5 bytes JMP 0000000000020876 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000076d2c8a8 5 bytes JMP 000000000002027c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000076d2e414 5 bytes JMP 00000000000208dc .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000076b48e91 5 bytes JMP 0000000000020cb6 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000076b49181 5 bytes JMP 0000000000020c72 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000076b4918e 5 bytes JMP 0000000000020d1c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000076b4c4da 5 bytes JMP 0000000000020d82 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000076b4c9f4 5 bytes JMP 0000000000020b1e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000076b4debc 5 bytes JMP 0000000000020c94 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000076b4dede 5 bytes JMP 0000000000020d60 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000076b4def6 1 byte JMP 0000000000020cfa .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash + 2 0000000076b4def8 3 bytes {JMP 0xffffffff894d2e04} .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000076b4df26 5 bytes JMP 0000000000020d3e .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076b52b58 5 bytes JMP 0000000000020afc .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000076b53604 5 bytes JMP 0000000000020c0c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076b54959 5 bytes JMP 0000000000020a30 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000076b67154 5 bytes JMP 0000000000020c50 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076b6716c 5 bytes JMP 0000000000020b84 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000076b67184 5 bytes JMP 0000000000020ba6 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000076b677cb 5 bytes JMP 0000000000020cd8 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076b8338c 5 bytes JMP 0000000000020bc8 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076b8339c 5 bytes JMP 0000000000020bea .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076b833ac 5 bytes JMP 0000000000020b40 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076b833bc 5 bytes JMP 0000000000020b62 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076b833fc 5 bytes JMP 0000000000020c2e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007564a472 5 bytes JMP 0000000000020a52 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000756527ce 5 bytes JMP 0000000000020ada .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007565e6cf 1 byte JMP 0000000000020ab8 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\msvcrt.dll!__p__environ + 2 000000007565e6d1 3 bytes {JMP 0xffffffff8a9c23e9} .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 0000000076c9633b 5 bytes JMP 0000000000020a74 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 0000000076cb8685 5 bytes JMP 000000000002115c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 0000000076cb86a4 5 bytes JMP 000000000002117e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000076cc40e0 5 bytes JMP 00000000000211a0 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!GetWindowLongW 00000000751c7004 5 bytes JMP 00000000000210b2 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000751c78f2 5 bytes JMP 0000000000020e2c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!GetMessageA 00000000751c7be3 5 bytes JMP 0000000000020e0a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000751c8a39 5 bytes JMP 0000000000020ed6 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000751c990d 5 bytes JMP 000000000002104c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 00000000751cb6fd 5 bytes JMP 0000000000020a96 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!GetWindowLongA 00000000751cd166 5 bytes JMP 0000000000021090 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!CreateWindowExA 00000000751cd23e 5 bytes JMP 0000000000020ef8 .text C:\Users\lenovo\Downloads\gmer.exe[3380] 
C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000751cee19 5 bytes JMP 0000000000020de8 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!FindWindowA 00000000751cfff6 5 bytes JMP 0000000000021008 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000751d00e9 5 bytes JMP 000000000002102a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000751d05ca 5 bytes JMP 0000000000020e70 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000751d0e0b 5 bytes JMP 0000000000020f1a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000751d12b5 5 bytes JMP 000000000002113a .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000751d20fc 5 bytes JMP 0000000000020fe6 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000751d3bba 5 bytes JMP 0000000000021118 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!PeekMessageA 00000000751d5f84 5 bytes JMP 0000000000020e4e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!CallNextHookEx 00000000751d6295 5 bytes JMP 0000000000020e92 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000751d7613 5 bytes JMP 0000000000020dc6 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000751d7678 5 bytes JMP 00000000000210f6 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowTextA 00000000751d7afe 5 bytes JMP 0000000000020fc4 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000751d836c 5 bytes JMP 0000000000020da4 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 
00000000751ece64 5 bytes JMP 0000000000020f5e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000751ef54b 5 bytes JMP 0000000000020eb4 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!FindWindowExW 00000000751ef5a8 5 bytes JMP 000000000002106e .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000751f10c0 5 bytes JMP 0000000000020f3c .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007521fd9e 5 bytes JMP 0000000000020f80 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007521fdc2 5 bytes JMP 0000000000020fa2 .text C:\Users\lenovo\Downloads\gmer.exe[3380] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075226e25 5 bytes JMP 00000000000210d4 ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [1000:3000] 000007fef5ca5c24 Thread C:\Windows\system32\svchost.exe [1000:3012] 000007fef55e0ea8 Thread C:\Windows\system32\svchost.exe [1000:3024] 000007fef55d9db0 Thread C:\Windows\system32\svchost.exe [1000:2588] 000007fef5caeff0 Thread C:\Windows\system32\svchost.exe [1000:2096] 000007fef54d4f84 Thread C:\Windows\system32\svchost.exe [1000:3276] 000007fef5cabcec Thread C:\Windows\system32\svchost.exe [1000:3304] 000007fef55daa10 Thread C:\Windows\system32\svchost.exe [1000:3308] 000007fef55e1c94 Thread C:\Windows\system32\svchost.exe [1000:4596] 000007fee56fb1b0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb99b9ffa Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb99b9ffa (not active ControlSet) ---- EOF - GMER 2.2 ----