GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-27 21:46:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB Running: 8pbs8j4q.exe; Driver: C:\Users\Paulina\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007756dc80 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007756de80 1 byte JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 000000007756de82 6 bytes {JMP 0xfffffffff8a82290} .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007756dc80 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007756de80 1 byte JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 000000007756de82 6 bytes {JMP 0xfffffffff8a82290} .text C:\Windows\system32\csrss.exe[624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\services.exe[664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\services.exe[664] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff323e80 6 bytes {JMP QWORD [RIP+0x11c1b0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077306ef0 6 bytes {JMP QWORD [RIP+0x9139140]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077308184 6 bytes {JMP QWORD [RIP+0x9217eac]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetParent 0000000077308530 6 bytes {JMP QWORD [RIP+0x9157b00]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077309bcc 6 bytes {JMP QWORD [RIP+0x8eb6464]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!PostMessageA 000000007730a404 6 bytes {JMP QWORD [RIP+0x8ef5c2c]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!EnableWindow 000000007730aaa0 6 bytes {JMP QWORD [RIP+0x9255590]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!MoveWindow 000000007730aad0 6 bytes {JMP QWORD [RIP+0x9175560]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007730c720 6 bytes {JMP QWORD [RIP+0x9113910]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007730cd50 6 bytes {JMP QWORD [RIP+0x91f32e0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007730d2b0 6 bytes {JMP QWORD [RIP+0x8f32d80]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendMessageA 000000007730d338 6 bytes {JMP QWORD [RIP+0x8f72cf8]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007730dc40 6 bytes {JMP QWORD [RIP+0x90523f0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007730f510 6 bytes {JMP QWORD [RIP+0x9230b20]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007730f874 6 bytes {JMP QWORD [RIP+0x8e707bc]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007730fac0 6 bytes {JMP QWORD [RIP+0x8fd0570]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077310b74 6 bytes {JMP QWORD [RIP+0x8f4f4bc]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000773133b0 6 bytes {JMP QWORD [RIP+0x8eccc80]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 0000000077314d4d 5 bytes {JMP QWORD [RIP+0x8e8b2e4]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!GetKeyState 0000000077315010 6 bytes {JMP QWORD [RIP+0x90eb020]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077315438 6 bytes {JMP QWORD [RIP+0x900abf8]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendMessageW 0000000077316b50 6 bytes {JMP QWORD [RIP+0x8f894e0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!PostMessageW 00000000773176e4 6 bytes {JMP QWORD [RIP+0x8f0894c]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007731dd90 4 bytes [FF, 25, A0, 22] .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendDlgItemMessageW + 5 000000007731dd95 1 byte [09] .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!GetClipboardData 000000007731e874 6 bytes {JMP QWORD [RIP+0x91c17bc]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007731f780 6 bytes {JMP QWORD [RIP+0x91808b0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000773228e4 6 bytes {JMP QWORD [RIP+0x901d74c]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!mouse_event 0000000077323894 6 bytes {JMP QWORD [RIP+0x8e1c79c]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000077328a10 6 bytes {JMP QWORD [RIP+0x90b7620]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077328be0 6 bytes {JMP QWORD [RIP+0x8f97450]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077328c20 6 bytes {JMP QWORD [RIP+0x8e37410]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendInput 0000000077328cd0 6 bytes {JMP QWORD [RIP+0x9097360]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!BlockInput 000000007732ad60 6 bytes {JMP QWORD [RIP+0x91952d0]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000773514e0 6 bytes {JMP QWORD [RIP+0x922eb50]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!keybd_event 00000000773745a4 6 bytes {JMP QWORD [RIP+0x8daba8c]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007737cc08 6 bytes {JMP QWORD [RIP+0x9003428]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007737df18 6 bytes {JMP QWORD [RIP+0x8f82118]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 61004e .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 5c0002 .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Windows\system32\services.exe[664] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\services.exe[664] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 4c282464 .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 1000180d .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\lsass.exe[732] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\lsm.exe[752] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff323e80 6 bytes JMP d45190 .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\svchost.exe[864] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[928] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes CALL 3000025 .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff323e80 6 bytes {JMP QWORD [RIP+0x11c1b0]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 20002 .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[456] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes JMP 8bbd111 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes JMP c4b1c4b1 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes JMP 92f2278 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes JMP 105ea53 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes JMP 92721a8 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes JMP 956bdb8 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes JMP 9282b51 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes JMP 1658c0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes JMP 927df38 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes JMP 90c78b8 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes JMP 9105b50 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes JMP 920f450 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes JMP 9376e08 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes JMP 9582178 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes JMP 7552651 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes JMP 93a3d48 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes JMP 90b1bc8 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes JMP 10550d6 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes JMP 4f21c0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes JMP 99b4e28 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes JMP 92ce040 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes JMP 734c558 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes JMP 91d7318 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes JMP 92d15b8 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes JMP a15c0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes JMP 9150cc0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes JMP 1055159 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes JMP c2c6c2d3 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes JMP 64680 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes JMP ad508f .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes JMP 8bbd379 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes JMP 8bf5a58 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes JMP c44dc454 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 260039 .text C:\Windows\System32\svchost.exe[1068] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes JMP 8c10b18 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff323e80 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefe5a9190 6 bytes JMP 89481043 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefe7c23e0 6 bytes {JMP QWORD [RIP+0xc9dc50]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 61004e .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 20006d .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes CALL 3000025 .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\nvvsvc.exe[1412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff323e80 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 10000 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 6f2d .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 4e .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 1000100 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1972] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x21db70]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x23a440]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x274648]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x253760]} .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[1540] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 70af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1300] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 70b2000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\shell32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 70b5000a .text C:\Program Files (x86)\Podatnik.info\PIT pro 2015\pproupd.exe[1824] C:\Windows\syswow64\shell32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 70b8000a .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[2052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2084] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes JMP ffdfe0e4 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes JMP ff0072c6 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes JMP aaaaaaab .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes JMP 405bc000 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes JMP 4429bf28 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes JMP ff474340 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes JMP ff00608f .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes JMP ff423c35 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes JMP ffffffff .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes JMP ff282421 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes JMP ff2d241f .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 20002 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 1852f710 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\Dwm.exe[2100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 41a00000 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP f05a52d4 .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefe5a9190 5 bytes [FF, 25, A0, 6E, EB] .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefe7c23e0 6 bytes {JMP QWORD [RIP+0xc7dc50]} .text C:\Windows\Explorer.EXE[2164] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 1e3603b .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes CALL 3000025 .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\taskhost.exe[2296] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 5 .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\taskeng.exe[2424] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2944] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 730079 .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\Wacom_Tablet.exe[3040] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 50] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes CALL 90000000 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 200020 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 222460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 20002 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3068] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70db000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70db000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 00000000cbffd159 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70de000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70de000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7156000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7105000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7144000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7150000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7123000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7102000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7117000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7117000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7153000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7159000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7147000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7108000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 715f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7132000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7138000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7141000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7162000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7114000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7114000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 712f000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712c000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7120000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7126000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7126000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7129000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7129000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7165000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7168000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7135000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7111000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7111000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7174000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716b000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7171000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716e000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7177000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717a000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2624] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 1000100 .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[3080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 490054 .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\Wacom_Tablet.exe[3092] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\svchost.exe[3532] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 140000 .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\System32\hkcmd.exe[3940] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x25dd64]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x27db70]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x29a440]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0x217ca8]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes JMP 0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0x236cfc]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x2d4648]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x2b3760]} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x3c8ba0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 1000c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x29a440]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes JMP 1f7668 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x2d4648]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x2b3760]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3956] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x3c8ba0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x3c8ba0]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x27db70]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0x217ca8]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0x1f7668]} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 2d4648 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3964] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x25dd64]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP c68b4c0b .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x29a440]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0x217ca8]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes JMP 20736968 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP e8cf8bf9 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x2b3760]} .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3972] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 1000100 .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 0 .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Windows\system32\igfxext.exe[4004] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes JMP 0 .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\wbem\unsecapp.exe[4100] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\System32\WUDFHost.exe[4360] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4624] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes JMP 0 .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes JMP 0 .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP c07 .text C:\Windows\system32\SearchIndexer.exe[4864] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70b2000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70b2000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70be000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70be000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70df000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70df000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70ac000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70ac000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70af000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70af000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7180000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 7177000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 7183000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 717d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 717a000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 714e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7142000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 70fd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 713c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7136000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7154000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7103000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7103000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7148000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 711b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7112000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7112000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 70fa000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 710f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 710f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 714b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7145000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7151000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 713f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7100000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7157000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 712a000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7130000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 715a000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 710c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 710c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7127000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7124000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7118000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 711e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7121000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7121000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7106000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 70f7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 715d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7160000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7133000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 712d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7109000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7109000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7115000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7115000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 7186000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 716e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7163000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 716b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 718f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7192000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7166000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7171000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 7174000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x25dd64]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x27db70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x29a440]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0x217ca8]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0x1f7668]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0x236cfc]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x2d4648]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x2b3760]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 6e037999 .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe[5008] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\shell32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5044] C:\Windows\syswow64\shell32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 70b8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70b2000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70b2000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70be000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70be000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70df000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70df000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70ac000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70ac000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70b8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70b8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70af000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7180000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 7177000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 7183000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 717d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 717a000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 714e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7142000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 70fd000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 713c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7136000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7154000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7103000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7103000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7148000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 711b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7112000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7112000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 70fa000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 710f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 710f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 714b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7145000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7151000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 713f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7100000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7157000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 712a000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7130000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7139000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 715a000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 710c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 710c000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7127000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7124000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7118000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 711e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 711e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7121000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7121000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7106000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 70f7000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 715d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7160000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7133000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 712d000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7109000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7109000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7115000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7115000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 7186000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 716e000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7163000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 716b000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 718f000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7192000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7166000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7171000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 7174000a .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[5064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70b9000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70b9000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70da000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70da000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c5000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c5000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cb000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cb000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c2000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c2000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f2000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f2000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70ce000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70ce000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e6000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e6000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e3000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e3000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c8000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c8000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b3000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b3000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f8000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f8000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fb000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fb000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d7000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d7000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70ef000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70ef000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f5000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f5000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70e9000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70e9000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ec000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ec000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70bf000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70bf000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b6000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b6000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d4000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d4000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70bc000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70bc000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d1000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d1000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e0000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e0000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70dd000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70dd000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetWindowLongW 0000000076d28332 6 bytes JMP 7155000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7149000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7104000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendMessageW 0000000076d29679 6 bytes JMP 7143000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713d000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715b000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710a000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710a000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000076d312a5 6 bytes JMP 714f000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!GetKeyState 0000000076d3291f 6 bytes JMP 7122000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetParent 0000000076d32d64 3 bytes JMP 7119000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetParent + 4 0000000076d32d68 2 bytes JMP 7119000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!EnableWindow 0000000076d32da4 6 bytes JMP 7101000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!MoveWindow 0000000076d33698 3 bytes JMP 7116000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7116000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000076d33baa 6 bytes JMP 7152000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714c000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetWindowLongA 0000000076d36110 6 bytes JMP 7158000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendMessageA 0000000076d3612e 6 bytes JMP 7146000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7107000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076d37603 6 bytes JMP 715e000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7131000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7137000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7140000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7161000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7113000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7113000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 712e000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712b000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 711f000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7125000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7125000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendInput 0000000076d4ff4a 3 bytes JMP 7128000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7128000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076d69f1d 6 bytes JMP 710d000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!ExitWindowsEx 0000000076d71497 6 bytes JMP 70fe000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!mouse_event 0000000076d8027b 6 bytes JMP 7164000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713a000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7134000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!BlockInput 0000000076d87dd7 3 bytes JMP 7110000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7110000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711c000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711c000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70de000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70de000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70ae000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70ae000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 00000000cbffd069 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70db000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70db000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7180000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 7177000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 7183000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 717d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 717a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7150000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7144000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 713e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7138000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7156000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7105000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7105000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 714a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 711d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7114000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7114000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 70fc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7111000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7111000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 714d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7147000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7153000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7141000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7102000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7159000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 712c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7132000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 713b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 715c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 710e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 710e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7129000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7126000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 711a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7120000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7120000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7123000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7123000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7108000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 70f9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 715f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7162000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7135000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 712f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 710b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 710b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7117000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7117000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 7186000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 716e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7165000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 716b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 718f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7192000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7168000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7171000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3672] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 7174000a .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007756dd50 8 bytes JMP 000000006fff0148 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 8 bytes JMP 000000006fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 8 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes {JMP QWORD [RIP+0x1ddb70]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes {JMP QWORD [RIP+0x234648]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes {JMP QWORD [RIP+0x213760]} .text C:\Windows\system32\svchost.exe[2912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[2820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077411870 6 bytes {JMP QWORD [RIP+0x8cee7c0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007741dbc0 6 bytes {JMP QWORD [RIP+0x8c42470]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007748f510 6 bytes {JMP QWORD [RIP+0x8c10b20]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007748f540 6 bytes {JMP QWORD [RIP+0x8c50af0]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007748f710 6 bytes {JMP QWORD [RIP+0x8bf0920]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000774954e0 6 bytes {JMP QWORD [RIP+0x8c2ab50]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff6822cc 6 bytes {JMP QWORD [RIP+0x1add64]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!BitBlt 000007feff6824c0 6 bytes JMP 1000100 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff685bf0 6 bytes {JMP QWORD [RIP+0x1fa440]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff688388 6 bytes {JMP QWORD [RIP+0xc7ca8]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff6889c8 6 bytes {JMP QWORD [RIP+0xa7668]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!GetPixel 000007feff689334 6 bytes {JMP QWORD [RIP+0xe6cfc]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff68b9e8 6 bytes JMP 0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff68c8d0 6 bytes JMP 0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3048] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes JMP 0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\shell32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 70b5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2136] C:\Windows\syswow64\shell32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 70b8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70b9000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70b9000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70da000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70da000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c2000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c2000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f2000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f2000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70ce000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70ce000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e6000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e6000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e3000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e3000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b3000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b3000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fb000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d7000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d7000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70ef000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70ef000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f5000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70e9000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70e9000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ec000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ec000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70bf000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70bf000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b6000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b6000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d4000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d4000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70bc000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70bc000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d1000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d1000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e0000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e0000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70dd000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70dd000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7155000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7149000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7104000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7143000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713d000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715b000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 714f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7122000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7119000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7119000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7101000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7116000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7116000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7152000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7158000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7146000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7107000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 715e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7131000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7137000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7140000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7161000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7113000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7113000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 712e000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712b000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 711f000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7125000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7125000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7128000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7128000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710d000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 70fe000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7164000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713a000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7134000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7110000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7110000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711c000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2268] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70de000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70de000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70ae000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70ae000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 00000000cbffd069 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70db000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70db000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7180000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 7177000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 7183000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 717d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 717a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7150000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7144000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 713e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7138000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7156000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7105000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7105000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 714a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 711d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7114000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7114000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 70fc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7111000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7111000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 714d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7147000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7153000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7141000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7102000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7159000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 712c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7132000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 713b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 715c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 710e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 710e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7129000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7126000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 711a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7120000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7120000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7123000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7123000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7108000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 70f9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 715f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7162000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7135000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 712f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 710b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 710b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7117000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7117000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 7186000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 716e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7165000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 716b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 718f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7192000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7168000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7171000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 7174000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[6660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[7164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077543210 6 bytes {JMP QWORD [RIP+0x8afce20]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007756dcc0 6 bytes {JMP QWORD [RIP+0x8ab2370]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007756dd90 6 bytes {JMP QWORD [RIP+0x92f22a0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007756de90 6 bytes {JMP QWORD [RIP+0x91921a0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007756df00 6 bytes {JMP QWORD [RIP+0x9272130]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007756df40 6 bytes {JMP QWORD [RIP+0x92320f0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007756dfe0 6 bytes {JMP QWORD [RIP+0x9292050]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007756e050 6 bytes {JMP QWORD [RIP+0x9091fe0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007756e070 6 bytes {JMP QWORD [RIP+0x9211fc0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007756e0b0 6 bytes {JMP QWORD [RIP+0x9111f80]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007756e100 6 bytes {JMP QWORD [RIP+0x9131f30]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007756e120 6 bytes {JMP QWORD [RIP+0x9251f10]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007756e310 6 bytes {JMP QWORD [RIP+0x9331d20]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007756e320 6 bytes {JMP QWORD [RIP+0x9051d10]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007756e420 6 bytes {JMP QWORD [RIP+0x9031c10]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007756e4f0 6 bytes {JMP QWORD [RIP+0x91b1b40]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007756e530 6 bytes {JMP QWORD [RIP+0x90b1b00]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007756e5a0 6 bytes {JMP QWORD [RIP+0x9071a90]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007756e5d0 6 bytes {JMP QWORD [RIP+0x90f1a60]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007756e630 6 bytes {JMP QWORD [RIP+0x90d1a00]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007756e640 6 bytes {JMP QWORD [RIP+0x92b19f0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007756e650 6 bytes {JMP QWORD [RIP+0x93119e0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007756e9c0 6 bytes {JMP QWORD [RIP+0x91d1670]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007756ea50 6 bytes {JMP QWORD [RIP+0x92d15e0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007756f2c0 6 bytes {JMP QWORD [RIP+0x91f0d70]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007756f340 6 bytes {JMP QWORD [RIP+0x9150cf0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007756f3c0 6 bytes {JMP QWORD [RIP+0x9170c70]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd464c30 5 bytes [FF, 25, 00, B4, 0C] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd46a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5164] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff497490 6 bytes {JMP QWORD [RIP+0x278ba0]} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b09d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c79708 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e7b901 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007771f9dc 3 bytes JMP 71af000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 000000007771f9e0 2 bytes JMP 71af000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007771fb24 3 bytes JMP 70c1000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 000000007771fb28 2 bytes JMP 70c1000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007771fcac 3 bytes JMP 70e2000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 000000007771fcb0 2 bytes JMP 70e2000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007771fd60 3 bytes JMP 70cd000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007771fd64 2 bytes JMP 70cd000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007771fdc4 3 bytes JMP 70d3000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 000000007771fdc8 2 bytes JMP 70d3000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007771febc 3 bytes JMP 70ca000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 000000007771fec0 2 bytes JMP 70ca000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007771ff70 3 bytes JMP 70fa000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 000000007771ff74 2 bytes JMP 70fa000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007771ffa0 3 bytes JMP 70d6000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 000000007771ffa4 2 bytes JMP 70d6000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077720000 3 bytes JMP 70ee000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077720004 2 bytes JMP 70ee000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077720080 3 bytes JMP 70eb000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077720084 2 bytes JMP 70eb000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777200b0 3 bytes JMP 70d0000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000777200b4 2 bytes JMP 70d0000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777203b4 3 bytes JMP 70bb000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000777203b8 2 bytes JMP 70bb000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000777203cc 3 bytes JMP 7100000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000777203d0 2 bytes JMP 7100000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 000000007772054c 3 bytes JMP 7103000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077720550 2 bytes JMP 7103000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077720690 3 bytes JMP 70df000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077720694 2 bytes JMP 70df000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000777206f0 3 bytes JMP 70f7000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000777206f4 2 bytes JMP 70f7000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077720798 3 bytes JMP 70fd000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 000000007772079c 2 bytes JMP 70fd000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000777207e0 3 bytes JMP 70f1000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000777207e4 2 bytes JMP 70f1000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077720870 3 bytes JMP 70f4000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077720874 2 bytes JMP 70f4000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077720888 3 bytes JMP 70c7000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007772088c 2 bytes JMP 70c7000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777208a0 3 bytes JMP 70be000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000777208a4 2 bytes JMP 70be000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077720df0 3 bytes JMP 70dc000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077720df4 2 bytes JMP 70dc000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077720ed4 3 bytes JMP 70c4000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077720ed8 2 bytes JMP 70c4000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077721be0 3 bytes JMP 70d9000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077721be4 2 bytes JMP 70d9000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077721cb0 3 bytes JMP 70e8000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077721cb4 2 bytes JMP 70e8000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077721d88 3 bytes JMP 70e5000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077721d8c 2 bytes JMP 70e5000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077743b9b 6 bytes JMP 71a8000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077003b93 3 bytes JMP 719c000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077003b97 2 bytes JMP 719c000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077009a74 6 bytes JMP 7187000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077013b32 6 bytes JMP 717e000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007701ccd1 6 bytes JMP 718a000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007706dc2e 6 bytes JMP 7184000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007706dcd1 6 bytes JMP 7181000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007563f784 6 bytes JMP 719f000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075642c9e 4 bytes CALL 71ac0000 .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000076d28332 6 bytes JMP 715d000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076d28bff 6 bytes JMP 7151000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076d290d3 6 bytes JMP 710c000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076d29679 6 bytes JMP 714b000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076d297d2 6 bytes JMP 7145000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076d2ee09 6 bytes JMP 7163000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076d2efc9 3 bytes JMP 7112000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 0000000076d2efcd 2 bytes JMP 7112000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076d312a5 6 bytes JMP 7157000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076d3291f 6 bytes JMP 712a000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetParent 0000000076d32d64 3 bytes JMP 7121000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000076d32d68 2 bytes JMP 7121000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076d32da4 6 bytes JMP 7109000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076d33698 3 bytes JMP 711e000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000076d3369c 2 bytes JMP 711e000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076d33baa 6 bytes JMP 715a000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076d33c61 6 bytes JMP 7154000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000076d36110 6 bytes JMP 7160000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076d3612e 6 bytes JMP 714e000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076d36c30 6 bytes JMP 710f000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076d37603 6 bytes JMP 7166000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076d37668 6 bytes JMP 7139000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076d376e0 6 bytes JMP 713f000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076d3781f 6 bytes JMP 7148000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076d3835c 6 bytes JMP 7169000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076d3c4b6 3 bytes JMP 711b000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 0000000076d3c4ba 2 bytes JMP 711b000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076d4c112 6 bytes JMP 7136000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076d4d0f5 6 bytes JMP 7133000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076d4eb96 6 bytes JMP 7127000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076d4ec68 3 bytes JMP 712d000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 0000000076d4ec6c 2 bytes JMP 712d000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendInput 0000000076d4ff4a 3 bytes JMP 7130000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000076d4ff4e 2 bytes JMP 7130000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076d69f1d 6 bytes JMP 7115000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076d71497 6 bytes JMP 7106000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076d8027b 6 bytes JMP 716c000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076d802bf 6 bytes JMP 716f000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076d86cfc 6 bytes JMP 7142000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076d86d5d 6 bytes JMP 713c000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076d87dd7 3 bytes JMP 7118000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000076d87ddb 2 bytes JMP 7118000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076d888eb 3 bytes JMP 7124000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 0000000076d888ef 2 bytes JMP 7124000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000771d58b3 6 bytes JMP 718d000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!BitBlt 00000000771d5ea6 6 bytes JMP 717b000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000771d7bcc 6 bytes JMP 7196000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!StretchBlt 00000000771db895 6 bytes JMP 7172000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!MaskBlt 00000000771dc332 6 bytes JMP 7178000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!GetPixel 00000000771dcbfb 6 bytes JMP 7190000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000771de743 6 bytes JMP 7193000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077204857 6 bytes JMP 7175000a .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000771b1401 2 bytes JMP 7701b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000771b1419 2 bytes JMP 7701b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000771b1431 2 bytes JMP 77098f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000771b144a 2 bytes CALL 76ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771b14dd 2 bytes JMP 77098802 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771b14f5 2 bytes JMP 770989d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000771b150d 2 bytes JMP 770986f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000771b1525 2 bytes JMP 77098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000771b153d 2 bytes JMP 7700fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000771b1555 2 bytes JMP 770168bf C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000771b156d 2 bytes JMP 77098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000771b1585 2 bytes JMP 77098b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000771b159d 2 bytes JMP 770986bc C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771b15b5 2 bytes JMP 7700fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771b15cd 2 bytes JMP 7701b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771b16b2 2 bytes JMP 77098e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paulina\Downloads\8pbs8j4q.exe[6548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771b16bd 2 bytes JMP 77098651 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{65C6B524-3912-4CAC-BF22-6EA4830DC972}?\Device\{F666760E-DF95-4B97-A95F-BEB05F20FE70}?\Device\{3C466C03-802D-4E27-9AB2-BF74978E94B1}?\Device\{7C9522C1-C004-434E-B9CB-69078F00F415}?\Device\{792D48E5-495B-4FF4-BFD1-00516CF77A6B}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{65C6B524-3912-4CAC-BF22-6EA4830DC972}"?"{F666760E-DF95-4B97-A95F-BEB05F20FE70}"?"{3C466C03-802D-4E27-9AB2-BF74978E94B1}"?"{7C9522C1-C004-434E-B9CB-69078F00F415}"?"{792D48E5-495B-4FF4-BFD1-00516CF77A6B}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{65C6B524-3912-4CAC-BF22-6EA4830DC972}?\Device\TCPIP6TUNNEL_{F666760E-DF95-4B97-A95F-BEB05F20FE70}?\Device\TCPIP6TUNNEL_{3C466C03-802D-4E27-9AB2-BF74978E94B1}?\Device\TCPIP6TUNNEL_{7C9522C1-C004-434E-B9CB-69078F00F415}?\Device\TCPIP6TUNNEL_{792D48E5-495B-4FF4-BFD1-00516CF77A6B}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167308192 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167308192@d4e8b2901bdd 0xDA 0xB1 0xED 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8da962d7a Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65C6B524-3912-4CAC-BF22-6EA4830DC972}@InterfaceName isatap.{A366AE7F-30DF-4456-B86A-4F71C781E3F9} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{65C6B524-3912-4CAC-BF22-6EA4830DC972}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0xBB 0x1D 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE8 0xD7 0xF3 0x9D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB3 0xD6 0x7D 0x06 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167308192 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167308192@d4e8b2901bdd 0xDA 0xB1 0xED 0x08 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8da962d7a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0xBB 0x1D 0x38 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE8 0xD7 0xF3 0x9D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB3 0xD6 0x7D 0x06 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Paulina\Desktop\\x30b2\x30fc\x30e0\FlipWordsPl_20092.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Paulina\Desktop\\x30b2\x30fc\x30e0\Alchemy.exe 512 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code