GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-19 11:07:20 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 ST1000LM rev.2BA3 931,51GB Running: qemy2kho.exe; Driver: C:\Users\Asus\AppData\Local\Temp\awlcqaoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007724bde0 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007724bfe0 8 bytes JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007724bde0 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007724bfe0 8 bytes JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\services.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe772930 5 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03e8 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\services.exe[748] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\lsass.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\lsass.exe[772] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\lsm.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\lsm.exe[780] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe772930 5 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03e8 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[904] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe772930 5 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03e8 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[996] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007724beb0 8 bytes JMP 000000006fff00d8 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff0148 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 1 byte JMP 000000006fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 2 000000007724c282 6 bytes {JMP 0xfffffffff8da3e90} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1040] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\System32\svchost.exe[1124] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\System32\svchost.exe[1172] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe772930 5 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03e8 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\AUDIODG.EXE[1304] C:\Windows\System32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[1404] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\igfxCUIService.exe[1480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 70360000 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000000679a47b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000000679a493 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000000679a4ab .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4 .text ... * 9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000000679a557 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000000679a56f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000000679a587 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000000679a59f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000000679a5b7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000000679a5cf .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000000679a5e7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000000679a5ff .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000000679a617 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000000679a62f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000005c37ce47 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000000679a72c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000000679a737 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006ffe0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006ffe0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006ffe0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006ffe0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006ffe02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006ffe01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006ffe0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006ffe01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006ffe0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1632] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff33b4f0 7 bytes JMP 000007fefd110260 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\nvvsvc.exe[1640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6a7dc88 5 bytes JMP 000007fef68700d8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6a7de10 5 bytes JMP 000007fef6870110 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\Explorer.EXE[1880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\Explorer.EXE[1880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6ea00000 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[2012] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6e0e0000 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6e570000 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\System32\spoolsv.exe[1756] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6d940000 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[1804] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe772930 5 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03e8 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 708a0000 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2140] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\System32\svchost.exe[2176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\taskhost.exe[2324] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006ffe0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006ffe0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006ffe0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006ffe0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006ffe02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006ffe01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006ffe0308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006ffe0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006ffe01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006ffe0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2380] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff33b4f0 7 bytes JMP 000007fefd110260 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 0000000000cdf4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6e170000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2436] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6d8c0000 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Users\Asus\AppData\Local\Microsoft\BingSvc\BingSvc.exe[2692] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6d780000 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000000679a47b .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000000679a493 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000000679a4ab .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4 .text ... * 9 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000000679a557 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000000679a56f .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000000679a587 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000000679a59f .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000000679a5b7 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000000679a5cf .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000000679a5e7 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000000679a5ff .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000000679a617 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000000679a62f .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000005c37ce47 .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000000679a72c .text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2712] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000000679a737 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\system32\taskeng.exe[2744] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff33b4f0 7 bytes JMP 000007fefd110260 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6f160000 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000748b17fa 2 bytes CALL 755f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000748b1860 2 bytes CALL 755f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000748b1942 2 bytes JMP 759d6da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\esif_uf.exe[2912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000748b194d 2 bytes JMP 759de8de C:\Windows\syswow64\WS2_32.dll .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6d710000 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\ProgramData\MobileBrServ\mbbservice.exe[2940] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6d580000 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[2992] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[1784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 70600000 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2668] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006ffe0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006ffe0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006ffe0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006ffe0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006ffe02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006ffe01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006ffe0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006ffe01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006ffe0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2652] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3200] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3316] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[3404] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\System32\WUDFHost.exe[3568] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6f210000 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6e8c0000 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3808] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6d790000 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3828] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 70160000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3844] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 71240000 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[3856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 712e0000 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Windows\TEMP\DPTF\esif_assist.exe[3888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\SearchIndexer.exe[3256] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007724beb0 8 bytes JMP 000000006ffe00d8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefcf900d8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefcf90180 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefcf90110 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefcf90148 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefcf901f0 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefcf901b8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcf90228 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4896] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff33b4f0 7 bytes JMP 000007fefcf90260 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007710f492 5 bytes {JMP 0xfffffffff8ee1690} .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006fff0a78 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006fff03b0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006fff06c0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006fff0880 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006fff0378 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\svchost.exe[3628] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6e8a0000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3168] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6f370000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\System32\WUDFHost.exe[3436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 6e240000 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\ProgramData\MobileBrServ\tray.exe[3108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 000000007275c3f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe12c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 14 bytes {MOV RAX, 0x7fee88a64e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe1060 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe11e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe1178 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0ea0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe1140 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0fb8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe11b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe1338 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0df8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe1098 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0ed8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0e68 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 8 bytes JMP 000000006ffe0f48 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe1258 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe10d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe1108 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0ff0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006ffe0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006ffe0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006ffe0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006ffe0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006ffe02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006ffe01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006ffe0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006ffe0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006ffe01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006ffe0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077105330 7 bytes JMP 000000006ffe0d88 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077106c20 5 bytes JMP 000000006fff02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077106ea0 8 bytes JMP 000000006ffe0ae8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000771080e4 7 bytes JMP 000000006ffe0c70 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetParent 0000000077108480 8 bytes JMP 000000006ffe0b20 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077109b10 6 bytes JMP 000000006ffe0618 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!PostMessageA 000000007710a354 5 bytes JMP 000000006ffe06f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000000007710a510 5 bytes JMP 000000006fff0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!EnableWindow 000000007710aa00 9 bytes JMP 000000006ffe0ce0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!MoveWindow 000000007710aa30 8 bytes JMP 000000006ffe0b58 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007710b474 6 bytes JMP 000000006ffe0688 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007710c63c 5 bytes JMP 000000006ffe0ab0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007710cc90 8 bytes JMP 000000006ffe0c38 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007710d204 5 bytes JMP 000000006ffe0768 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendMessageA 000000007710d290 5 bytes JMP 000000006ffe07d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007710dbc0 9 bytes JMP 000000006ffe0960 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007710f490 7 bytes JMP 000000006ffe0ca8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007710f804 9 bytes JMP 000000006ffe05a8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007710fa50 9 bytes JMP 000000006ffe0880 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000771107b8 7 bytes JMP 000000006fff0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077110b14 10 bytes JMP 000000006ffe07a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000077113340 8 bytes JMP 000000006ffe0650 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!PeekMessageA 00000000771139b0 5 bytes JMP 000000006ffe0458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077114ccc 5 bytes JMP 000000006ffe05e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!GetKeyState 0000000077114f80 5 bytes JMP 000000006ffe0a78 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000771153d0 7 bytes JMP 000000006ffe08f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!GetMessageA 00000000771160d0 7 bytes JMP 000000006ffe03e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!IsDialogMessageW 0000000077116680 5 bytes JMP 000000006ffe0538 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendMessageW 0000000077116b04 5 bytes JMP 000000006ffe0810 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000771176ac 8 bytes JMP 000000006ffe06c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!PostMessageW 00000000771176d4 7 bytes JMP 000000006ffe0730 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!PeekMessageW 0000000077118fd4 5 bytes JMP 000000006ffe0490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!TranslateMessage 00000000771196e0 6 bytes JMP 000000006ffe04c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!GetMessageW 0000000077119e54 6 bytes JMP 000000006ffe0420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000000007711cd04 9 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007711dd9c 5 bytes JMP 000000006ffe09d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!GetClipboardData 000000007711e854 5 bytes JMP 000000006ffe0c00 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007711f780 8 bytes JMP 000000006ffe0b90 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000771228d4 12 bytes JMP 000000006ffe0928 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!mouse_event 0000000077123874 7 bytes JMP 000000006ffe03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000771289c0 8 bytes JMP 000000006ffe0a40 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077128b88 12 bytes JMP 000000006ffe0848 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077128bd0 12 bytes JMP 000000006ffe0570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendInput 0000000077128c90 8 bytes JMP 000000006ffe0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!BlockInput 000000007712ad10 8 bytes JMP 000000006ffe0bc8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!ClipCursor 000000007712ad60 8 bytes JMP 000000006ffe0d50 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077150744 5 bytes JMP 000000006fff0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000077151534 5 bytes JMP 000000006ffe0d18 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!IsDialogMessage 00000000771532b8 7 bytes JMP 000000006ffe0500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000771745b0 5 bytes JMP 000000006ffe0dc0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!keybd_event 0000000077174610 7 bytes JMP 000000006ffe0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007717cc7c 5 bytes JMP 000000006ffe0998 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007717df8c 7 bytes JMP 000000006ffe08b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefd110228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff33b4f0 7 bytes JMP 000007fefd110260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe12c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe1060 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe11e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe1178 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0ea0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe1140 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0fb8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe11b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe1338 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0df8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe1098 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0ed8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0e68 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 8 bytes JMP 000000006ffe0f48 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe1258 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe10d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe1108 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0ff0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006ffe0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006ffe0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006ffe0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006ffe0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006ffe02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006ffe01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006ffe0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006ffe0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006ffe01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006ffe0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe12c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe1060 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe11e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe1178 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1220 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0ea0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe1140 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0f80 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0fb8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe11b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe1338 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0e30 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0df8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe1098 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0ed8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0e68 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 8 bytes JMP 000000006ffe0f48 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0f10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe1258 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1300 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe10d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1290 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe1108 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0ff0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2312] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007724be00 7 bytes [48, B8, 60, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007724be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007724bf70 7 bytes [48, B8, E0, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007724bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007724bf90 7 bytes [48, B8, D0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007724bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007724bfa0 7 bytes [48, B8, C0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007724bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 7 bytes [48, B8, 40, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007724bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007724bfd0 7 bytes [48, B8, B0, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007724bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007724c020 7 bytes [48, B8, 50, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007724c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007724c030 7 bytes [48, B8, 20, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007724c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 7 bytes [48, B8, 40, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007724c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007724c100 7 bytes [48, B8, 80, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007724c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 7 bytes [48, B8, C0, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007724c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007724ccf0 7 bytes [48, B8, 00, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007724ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007724cd40 7 bytes [48, B8, A0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007724cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007724ce90 7 bytes [48, B8, A0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007724ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5144] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007724be00 7 bytes [48, B8, 60, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007724be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007724bf70 7 bytes [48, B8, E0, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007724bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007724bf90 7 bytes [48, B8, D0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007724bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007724bfa0 7 bytes [48, B8, C0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007724bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 7 bytes [48, B8, 40, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007724bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007724bfd0 7 bytes [48, B8, B0, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007724bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007724c020 7 bytes [48, B8, 50, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007724c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007724c030 7 bytes [48, B8, 20, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007724c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 7 bytes [48, B8, 40, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007724c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007724c100 7 bytes [48, B8, 80, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007724c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 7 bytes [48, B8, C0, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007724c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007724ccf0 7 bytes [48, B8, 00, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007724ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007724cd40 7 bytes [48, B8, A0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007724cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007724ce90 7 bytes [48, B8, A0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007724ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007724be00 7 bytes [48, B8, 60, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007724be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007724bf70 7 bytes [48, B8, E0, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007724bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007724bf90 7 bytes [48, B8, D0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007724bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007724bfa0 7 bytes [48, B8, C0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007724bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 7 bytes [48, B8, 40, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007724bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007724bfd0 7 bytes [48, B8, B0, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007724bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007724c020 7 bytes [48, B8, 50, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007724c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007724c030 7 bytes [48, B8, 20, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007724c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 7 bytes [48, B8, 40, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007724c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007724c100 7 bytes [48, B8, 80, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007724c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 7 bytes [48, B8, C0, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007724c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007724ccf0 7 bytes [48, B8, 00, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007724ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007724cd40 7 bytes [48, B8, A0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007724cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007724ce90 7 bytes [48, B8, A0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007724ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007724be00 7 bytes [48, B8, 60, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007724be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007724bf70 7 bytes [48, B8, E0, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007724bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007724bf90 7 bytes [48, B8, D0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007724bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007724bfa0 7 bytes [48, B8, C0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007724bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 7 bytes [48, B8, 40, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007724bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007724bfd0 7 bytes [48, B8, B0, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007724bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007724c020 7 bytes [48, B8, 50, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007724c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007724c030 7 bytes [48, B8, 20, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007724c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 7 bytes [48, B8, 40, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007724c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007724c100 7 bytes [48, B8, 80, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007724c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 7 bytes [48, B8, C0, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007724c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007724ccf0 7 bytes [48, B8, 00, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007724ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007724cd40 7 bytes [48, B8, A0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007724cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007724ce90 7 bytes [48, B8, A0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007724ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007724be00 7 bytes [48, B8, 60, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007724be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007724bf70 7 bytes [48, B8, E0, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007724bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007724bf90 7 bytes [48, B8, D0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007724bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007724bfa0 7 bytes [48, B8, C0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007724bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 7 bytes [48, B8, 40, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007724bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007724bfd0 7 bytes [48, B8, B0, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007724bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007724c020 7 bytes [48, B8, 50, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007724c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007724c030 7 bytes [48, B8, 20, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007724c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 7 bytes [48, B8, 40, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007724c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007724c100 7 bytes [48, B8, 80, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007724c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 7 bytes [48, B8, C0, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007724c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007724ccf0 7 bytes [48, B8, 00, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007724ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007724cd40 7 bytes [48, B8, A0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007724cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007724ce90 7 bytes [48, B8, A0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007724ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007724be00 7 bytes [48, B8, 60, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007724be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007724bf70 7 bytes [48, B8, E0, 0D, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007724bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007724bf90 7 bytes [48, B8, D0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007724bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007724bfa0 7 bytes [48, B8, C0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007724bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007724bfb0 7 bytes [48, B8, 40, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007724bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007724bfd0 7 bytes [48, B8, B0, 0C, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007724bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007724c020 7 bytes [48, B8, 50, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007724c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007724c030 7 bytes [48, B8, 20, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007724c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 7 bytes [48, B8, 40, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007724c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007724c100 7 bytes [48, B8, 80, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007724c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 7 bytes [48, B8, C0, 0E, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007724c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007724ccf0 7 bytes [48, B8, 00, 12, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007724ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007724cd40 7 bytes [48, B8, A0, 11, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007724cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007724ce90 7 bytes [48, B8, A0, 0F, 15, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007724ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1100d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd110180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd110110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd110148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1101f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1101b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] C:\Windows\system32\CRYPT32.dll!CertVerifyCertificateChainPolicy 000007fefcfb653c 7 bytes JMP 000007fefcf900d8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006ffe0110 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006ffe00d8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006ffe1140 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006ffe0ed8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006ffe1060 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006ffe0ff0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006ffe1098 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006ffe0d18 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006ffe0fb8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006ffe0df8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006ffe0e30 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006ffe1028 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006ffe11b0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006ffe0ca8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006ffe0c70 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006ffe0f10 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006ffe0d50 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006ffe0ce0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006ffe0dc0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8d94690} .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006ffe0d88 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006ffe10d0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006ffe1178 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006ffe0f48 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006ffe1108 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006ffe0f80 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006ffe0e68 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006ffe0ea0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fe2b60 13 bytes JMP 000000006ffe0260 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076fea3f0 7 bytes JMP 000000006fff0228 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076ff1870 5 bytes JMP 000000006ffe0180 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ff3f00 5 bytes JMP 000000006fff0180 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076ffdd20 5 bytes JMP 000000006ffe0148 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007700ffd0 5 bytes JMP 000000006fff01b8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007701f3f0 5 bytes JMP 000000006fff0110 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077049c80 7 bytes JMP 000000006fff00d8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077059710 5 bytes JMP 000000006fff0148 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007706f6e0 8 bytes JMP 000000006ffe0340 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007706f710 5 bytes JMP 000000006ffe02d0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileW 000000007706f7e0 10 bytes JMP 000000006ffe01f0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007706f8e0 8 bytes JMP 000000006ffe0308 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007706f910 10 bytes JMP 000000006ffe0228 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileA 000000007706f940 10 bytes JMP 000000006ffe01b8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077075730 5 bytes JMP 000000006ffe0298 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077078ab0 7 bytes JMP 000000006fff01f0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1232f0 7 bytes JMP 000007fefd1000d8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd12aa60 5 bytes JMP 000007fefd100180 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12ac00 5 bytes JMP 000007fefd100110 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd139ac0 5 bytes JMP 000007fefd100148 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd568840 8 bytes JMP 000007fefd1001f0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd56b9f0 8 bytes JMP 000007fefd1001b8 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefd100228 .text C:\Users\Asus\Downloads\FRST64.exe[4220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff33b4f0 7 bytes JMP 000007fefd100260 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077222280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007724be20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007724bef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007724bff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007724c060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007724c0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007724c140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007724c1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007724c1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007724c210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007724c260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007724c280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007724c470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007724c480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007724c580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007724c650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007724c690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007724c700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007724c730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 000000007724c732 6 bytes {JMP 0xfffffffff8da4690} .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007724c790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007724c7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007724c7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007724cb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007724cbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007724d420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007724d4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007724d520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd133a50 7 bytes JMP 000007fefcaf0148 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefd5622e0 5 bytes JMP 000007fefcaf02d0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!BitBlt 000007fefd562390 5 bytes JMP 000007fefcaf0308 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefd563e20 5 bytes JMP 000007fefcaf0298 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefd567574 5 bytes JMP 000007fefcaf0340 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefd5681f4 9 bytes JMP 000007fefcaf01f0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefd568824 9 bytes JMP 000007fefcaf01b8 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!GetPixel 000007fefd568d7c 5 bytes JMP 000007fefcaf0228 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefd56bab4 5 bytes JMP 000007fefcaf03b0 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefd56c7b0 5 bytes JMP 000007fefcaf0378 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefd5752d0 5 bytes JMP 000007fefcaf0260 .text C:\Windows\system32\taskeng.exe[5620] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff326d10 11 bytes JMP 000007fefcaf0180 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000773ff9f0 5 bytes JMP 0000000072762c50 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000773ffb38 5 bytes JMP 00000000727583c0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773ffcc0 5 bytes JMP 0000000072757970 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000773ffd74 5 bytes JMP 0000000072759180 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000773ffdd8 5 bytes JMP 0000000072758760 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000773ffed0 5 bytes JMP 000000007275ac90 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000773fff84 5 bytes JMP 0000000072756be0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000773fffb4 5 bytes JMP 0000000072758970 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077400014 5 bytes JMP 0000000072757530 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077400094 5 bytes JMP 0000000072757780 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774000c4 5 bytes JMP 0000000072758d20 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000774003c8 5 bytes JMP 000000007275a180 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000774003e0 5 bytes JMP 000000007275ba50 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077400560 5 bytes JMP 000000007275b770 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000774006a4 5 bytes JMP 0000000072757b60 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077400704 5 bytes JMP 000000007275bb60 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000774007ac 5 bytes JMP 0000000072756ad0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000774007f4 5 bytes JMP 000000007275bc70 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077400884 5 bytes JMP 0000000072756cf0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007740089c 5 bytes JMP 000000007275af60 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000774008b4 5 bytes JMP 000000007275a6b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077400e04 5 bytes JMP 0000000072757dd0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077400ee8 5 bytes JMP 00000000727581d0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077401bf4 5 bytes JMP 0000000072757fc0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077401cc4 5 bytes JMP 000000007275ab40 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077401d9c 5 bytes JMP 00000000727585b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007741d2f6 7 bytes JMP 0000000072762ad0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755f1eee 3 bytes JMP 00000000725f3b60 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 4 00000000755f1ef2 3 bytes [FD, CC, CC] .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755f5b85 7 bytes JMP 00000000725f41b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075601409 7 bytes JMP 00000000725f3dc0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075603bbb 5 bytes JMP 0000000072755740 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075609abc 5 bytes JMP 000000007274f260 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007560ea5d 7 bytes JMP 00000000725f3b50 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075613b7a 7 bytes JMP 000000007274fe20 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007561cd11 5 bytes JMP 000000007274ef50 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007566ddde 7 bytes JMP 000000007274f490 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007566de81 7 bytes JMP 000000007274f7a0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756990c4 7 bytes JMP 00000000725f36a0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075699149 5 bytes JMP 00000000725f3750 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007569949f 5 bytes JMP 00000000725f36b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007535f8a7 5 bytes JMP 0000000072762ab0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075361e4c 5 bytes JMP 00000000725f3660 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075361efa 5 bytes JMP 00000000725f3620 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075362bdc 5 bytes JMP 00000000725f3760 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075362e0b 4 bytes CALL 70150000 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075362e7e 5 bytes JMP 00000000725f3460 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075718332 5 bytes JMP 0000000072763c20 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000000725f2b00 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075718bff 5 bytes JMP 0000000072764590 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757190d3 7 bytes JMP 0000000072763640 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075719679 5 bytes JMP 0000000072764a80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757197d2 5 bytes JMP 0000000072764ff0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007571ee21 5 bytes JMP 0000000072763810 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007571efe1 5 bytes JMP 0000000072767720 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000757212bd 5 bytes JMP 00000000727640a0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075722797 5 bytes JMP 00000000727666b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075723ef0 5 bytes JMP 0000000072766d60 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetParent 00000000757245cc 5 bytes JMP 0000000072766f80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007572460c 5 bytes JMP 0000000072767940 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075724713 5 bytes JMP 0000000072766920 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000757247e5 5 bytes JMP 0000000072766410 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075724bbc 5 bytes JMP 0000000072763e00 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075724d1d 5 bytes JMP 0000000072764340 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075725645 5 bytes JMP 00000000725f33e0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000757271e0 5 bytes JMP 0000000072763a40 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000757271fe 5 bytes JMP 00000000727647e0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075727d59 7 bytes JMP 0000000072763460 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000757281f5 5 bytes JMP 0000000072763140 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007572825a 5 bytes JMP 0000000072765a80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757282d2 5 bytes JMP 0000000072765550 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075728411 5 bytes JMP 0000000072764d20 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075728f4c 5 bytes JMP 0000000072762e80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007572cc1e 5 bytes JMP 0000000072767170 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!ClipCursor 000000007572f2b3 5 bytes JMP 0000000072767d50 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007573a072 5 bytes JMP 0000000072765d10 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007573dbf5 5 bytes JMP 0000000072765f60 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007573f61f 5 bytes JMP 00000000725f3450 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff2a 5 bytes JMP 00000000727661b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000757598b5 5 bytes JMP 0000000072767fb0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075759fa4 5 bytes JMP 0000000072767510 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075760867 5 bytes JMP 00000000725f2940 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075761533 5 bytes JMP 0000000072767b70 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075770299 5 bytes JMP 0000000072768150 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!mouse_event 000000007577030f 5 bytes JMP 0000000072750d70 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075770353 5 bytes JMP 0000000072750ba0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075776d94 5 bytes JMP 00000000727652b0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075776df5 5 bytes JMP 00000000727657f0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075777af4 5 bytes JMP 00000000725f33c0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075777e6f 5 bytes JMP 0000000072767340 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075778983 5 bytes JMP 0000000072766b80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075df58b3 5 bytes JMP 0000000072751960 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075df5ea5 5 bytes JMP 0000000072750f80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075df7bcc 1 byte JMP 00000000727508d0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!CreateDCA + 2 0000000075df7bce 3 bytes {JMP 0xfffffffffc958d04} .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 0000000075dfae82 5 bytes JMP 0000000072751f00 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075dfb98a 5 bytes JMP 0000000072751a30 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075dfbd7d 5 bytes JMP 00000000727516e0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 0000000075dfc08c 5 bytes JMP 0000000072751c70 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075dfcf11 5 bytes JMP 00000000727511f0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075dfe935 5 bytes JMP 0000000072750a80 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075e0e757 5 bytes JMP 00000000725f2c40 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075e0e991 5 bytes JMP 00000000725f2c50 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075e24aa2 5 bytes JMP 0000000072751470 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075815e75 5 bytes JMP 00000000725f2ac0 .text C:\Users\Asus\Downloads\qemy2kho.exe[4504] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075849cbb 5 bytes JMP 00000000725f2a50 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3789148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee37889c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3789130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee3789390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5188] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee28c25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3789148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee37889c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3789130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee3789390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5216] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee28c25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3789148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee37889c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3789130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee3789390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5184] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee28c25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3789148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee37889c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3789130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee3789390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee28c25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee3789148] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee37889c4] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee3789130] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee3789390] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1112] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee28c25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\40b89a76b58a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\40b89a76b58a@e0db10a9c2fd 0x0D 0xF4 0xB5 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\40b89a76b58a@0011671111ad 0x3E 0xA7 0x7A 0x62 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\40b89a76b58a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\40b89a76b58a@e0db10a9c2fd 0x0D 0xF4 0xB5 0x18 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\40b89a76b58a@0011671111ad 0x3E 0xA7 0x7A 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.2 ----