.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe[2096] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe[2148] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077141465 2 bytes [14, 77]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771414bb 2 bytes [14, 77]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2272] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfdataexport.exe[2408] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfindexingmanager.exe[2432] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000010028d080
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000010029fac0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000010029dfa0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000010029ec30
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000010029c270
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000010029e640
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000010029ff20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000010029fce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000010029e2a0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000010029cc90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000010029b520
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000010029f750
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000010029be90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000010029c8f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000010029f540
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000010029f0c0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000010029f300
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000010029c520
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000010029eec0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000100297df0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000010028d1a0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff889cbf19}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000100294f30
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000100295ac0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000100293a60
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000010028d1d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000010028b640
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000010028c3d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000010028b100
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000010028ab80
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000010028c0c0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001002880a0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000010028bb80
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000100289330
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001002888e0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff893a5b7c}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000100287e00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000100288b80
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000010028be20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000010028b8e0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000010028b3a0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000010028c5f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000010028c810
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000010028a0c0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000010028a600
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000010028ae40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000010028ca80
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001002886e0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000100289e10
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000100289b60
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000100289080
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001002895e0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000100289890
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001002882d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000100287bf0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000100299670
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000100299880
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000010028a8c0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000010028a360
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001002884e0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000100288e60
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000100298bc0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001002993e0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000100299cc0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000100298c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000100299130
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000100298990
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000100299bc0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000100298ea0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x86\mfserveraux.exe[2460] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000100294390
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfsetup.exe[2576] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe[2652] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
#16
Posted 18 August 2014 - 06:44 AM
#17
Posted 18 August 2014 - 06:46 AM
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2728] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\svchost.exe[2756] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe[2828] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\mfserver.exe[2600] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\DllHost.exe[3112] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3904] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3912] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[3468] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFIndexer.exe[536] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\System32\svchost.exe[4144] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\svchost.exe[4244] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\System32\WUDFHost.exe[4632] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\System32\WUDFHost.exe[4988] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\SearchIndexer.exe[4656] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefdbea6f0 1 byte JMP 000007fffd3f0180
.text C:\Windows\system32\taskhost.exe[3732] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefdbea6f2 5 bytes {JMP 0xffffffffff805a90}
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\Dwm.exe[1620] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\Explorer.EXE[4748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077486ef0 8 bytes JMP 000000016fff06f8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077488184 7 bytes JMP 000000016fff0880
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SetParent 0000000077488530 8 bytes JMP 000000016fff0730
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!PostMessageA 000000007748a404 5 bytes JMP 000000016fff0308
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!EnableWindow 000000007748aaa0 9 bytes JMP 000000016fff08f0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!MoveWindow 000000007748aad0 8 bytes JMP 000000016fff0768
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007748c720 5 bytes JMP 000000016fff06c0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007748cd50 8 bytes JMP 000000016fff0848
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007748d2b0 5 bytes JMP 000000016fff0378
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendMessageA 000000007748d338 5 bytes JMP 000000016fff03e8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007748dc40 9 bytes JMP 000000016fff0570
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007748f510 7 bytes JMP 000000016fff08b8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007748f874 9 bytes JMP 000000016fff0298
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007748fac0 9 bytes JMP 000000016fff0490
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077490b74 10 bytes JMP 000000016fff03b0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077494d4c 5 bytes JMP 000000016fff02d0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!GetKeyState 0000000077495010 5 bytes JMP 000000016fff0688
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077495438 7 bytes JMP 000000016fff0500
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendMessageW 0000000077496b50 5 bytes JMP 000000016fff0420
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!PostMessageW 00000000774976e4 7 bytes JMP 000000016fff0340
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007749dd90 5 bytes JMP 000000016fff05e0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!GetClipboardData 000000007749e874 5 bytes JMP 000000016fff0810
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007749f780 8 bytes JMP 000000016fff07a0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000774a28e4 12 bytes JMP 000000016fff0538
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!mouse_event 00000000774a3894 7 bytes JMP 000000016fff0228
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000774a8a10 8 bytes JMP 000000016fff0650
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000774a8be0 12 bytes JMP 000000016fff0458
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000774a8c20 12 bytes JMP 000000016fff0260
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendInput 00000000774a8cd0 8 bytes JMP 000000016fff0618
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!BlockInput 00000000774aad60 8 bytes JMP 000000016fff07d8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000774d14e0 5 bytes JMP 000000016fff0928
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!keybd_event 00000000774f45a4 7 bytes JMP 000000016fff01f0
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000774fcc08 5 bytes JMP 000000016fff05a8
.text C:\Windows\Explorer.EXE[4748] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000774fdf18 7 bytes JMP 000000016fff04c8
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
#18
Posted 18 August 2014 - 06:47 AM
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077141465 2 bytes [14, 77]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771414bb 2 bytes [14, 77]
.text ... * 2
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe[4136] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000775898e0 12 bytes JMP 000000016fff01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\kernel32.dll!CreateProcessW 00000000775a0650 12 bytes JMP 000000016fff0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007761acf0 1 byte JMP 000000016fff0180
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007761acf2 5 bytes {JMP 0xfffffffff89d5490}
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f02d0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f0340
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f03b0
.text C:\Program Files\M-Files\9.0.3372.41\Bin\x64\MFStatus.exe[1464] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0378
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077141465 2 bytes [14, 77]
.text C:\Users\MrZ\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771414bb 2 bytes [14, 77]
.text ... * 2
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\KERNEL32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\MediaMall\PlayOn.exe[4124] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\AUDIODG.EXE[5848] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000010030d080
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000010031fac0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000010031dfa0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000010031ec30
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000010031c270
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000010031e640
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000010031ff20
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000010031fce0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000010031e2a0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000010031cc90
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000010031b520
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000010031f750
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000010031be90
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000010031c8f0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000010031f540
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000010031f0c0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000010031f300
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000010031c520
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000010031eec0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000100317df0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000010030d1a0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff88a4bf19}
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000100314f30
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000100315ac0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000100313a60
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000010030d1d0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000010030b640
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000010030c3d0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000010030b100
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000010030ab80
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000010030c0c0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001003080a0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000010030bb80
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000100309330
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001003088e0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff89425b7c}
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000100307e00
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000100308b80
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000010030be20
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000010030b8e0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000010030b3a0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000010030c5f0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000010030c810
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000010030a0c0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000010030a600
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000010030ae40
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000010030ca80
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001003086e0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000100309e10
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000100309b60
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000100309080
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001003095e0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000100309890
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001003082d0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000100307bf0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000100319670
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000100319880
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000010030a8c0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000010030a360
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001003084e0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000100308e60
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000100318bc0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001003193e0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000100319cc0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000100318c00
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000100319130
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000100318990
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000100319bc0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000100318ea0
.text C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe[1448] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000100314390
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5308] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077141465 2 bytes [14, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771414bb 2 bytes [14, 77]
.text ... * 2
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Windows Sidebar\sidebar.exe[4424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
#19
Posted 18 August 2014 - 06:48 AM
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5780] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe3a22cc 5 bytes JMP 000007fffd3f0260
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe3a24c0 5 bytes JMP 000007fffd3f0298
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe3a5bf0 5 bytes JMP 000007fffd3f02d0
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe3a8398 9 bytes JMP 000007fffd3f01f0
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe3a89d8 9 bytes JMP 000007fffd3f01b8
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe3a9344 5 bytes JMP 000007fffd3f0228
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe3ab9f8 5 bytes JMP 000007fffd3f0340
.text C:\Windows\system32\taskeng.exe[3628] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe3ac8e0 5 bytes JMP 000007fffd3f0308
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[2548] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[1160] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778a08a4 5 bytes JMP 000000011002c8f0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778a0df4 5 bytes JMP 000000011002f540
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000778a0ed8 5 bytes JMP 000000011002f0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778a1be4 5 bytes JMP 000000011002f300
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000778a1cb4 5 bytes JMP 000000011002c520
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000778a1d8c 5 bytes JMP 000000011002eec0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000778bc4dd 5 bytes JMP 0000000110027df0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000778c1287 1 byte JMP 000000011001d1a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 00000000778c1289 5 bytes {JMP 0xffffffff9875bf19}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000772f103d 5 bytes JMP 0000000110024f30
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000772f1072 5 bytes JMP 0000000110025ac0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007731c9b5 5 bytes JMP 0000000110023a60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c7f784 5 bytes JMP 000000011001d1d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000077012642 5 bytes JMP 0000000110024390
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758458b3 5 bytes JMP 0000000110028bc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075845ea6 5 bytes JMP 00000001100293e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075847bcc 5 bytes JMP 0000000110029cc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007584b895 5 bytes JMP 0000000110028c00
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007584c332 5 bytes JMP 0000000110029130
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007584cbfb 5 bytes JMP 0000000110028990
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007584e743 5 bytes JMP 0000000110029bc0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075874857 5 bytes JMP 0000000110028ea0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076ed8bff 5 bytes JMP 000000011001b640
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076ed90d3 7 bytes JMP 000000011001c3d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076ed9679 5 bytes JMP 000000011001b100
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076ed97d2 5 bytes JMP 000000011001ab80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076edee09 5 bytes JMP 000000011001c0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076edefc9 5 bytes JMP 00000001100180a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076ee12a5 5 bytes JMP 000000011001bb80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076ee291f 5 bytes JMP 0000000110019330
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SetParent 0000000076ee2d64 1 byte JMP 00000001100188e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076ee2d66 3 bytes {JMP 0xffffffff99135b7c}
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076ee2da4 5 bytes JMP 0000000110017e00
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076ee3698 5 bytes JMP 0000000110018b80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076ee3baa 5 bytes JMP 000000011001be20
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076ee3c61 5 bytes JMP 000000011001b8e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076ee612e 5 bytes JMP 000000011001b3a0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076ee6c30 7 bytes JMP 000000011001c5f0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076ee7603 5 bytes JMP 000000011001c810
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076ee7668 5 bytes JMP 000000011001a0c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076ee76e0 5 bytes JMP 000000011001a600
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076ee781f 5 bytes JMP 000000011001ae40
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076ee835c 5 bytes JMP 000000011001ca80
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076eec4b6 5 bytes JMP 00000001100186e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076efc112 5 bytes JMP 0000000110019e10
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076efd0f5 5 bytes JMP 0000000110019b60
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076efeb96 5 bytes JMP 0000000110019080
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076efec68 5 bytes JMP 00000001100195e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendInput 0000000076efff4a 5 bytes JMP 0000000110019890
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076f19f1d 5 bytes JMP 00000001100182d0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076f21497 5 bytes JMP 0000000110017bf0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076f3027b 5 bytes JMP 0000000110029670
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076f302bf 5 bytes JMP 0000000110029880
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076f36cfc 5 bytes JMP 000000011001a8c0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076f36d5d 5 bytes JMP 000000011001a360
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076f37dd7 5 bytes JMP 00000001100184e0
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4816] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076f388eb 5 bytes JMP 0000000110018e60
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000776c3b10 5 bytes JMP 000000016fff0110
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000776c7ac0 5 bytes JMP 000000016fff0d50
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000776f13a0 8 bytes JMP 000000016fff00d8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776f1570 8 bytes JMP 000000016fff0a78
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000776f15e0 8 bytes JMP 000000016fff0c00
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776f1620 8 bytes JMP 000000016fff0b90
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000776f16c0 8 bytes JMP 000000016fff0c38
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776f1750 8 bytes JMP 000000016fff0b58
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776f1790 8 bytes JMP 000000016fff0998
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776f17e0 8 bytes JMP 000000016fff09d0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000776f1800 8 bytes JMP 000000016fff0bc8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000776f19f0 8 bytes JMP 000000016fff0d18
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776f1b00 8 bytes JMP 000000016fff0960
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000776f1bd0 8 bytes JMP 000000016fff0ab0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f1d20 8 bytes JMP 000000016fff0c70
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 000000016fff0ce0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776f20a0 8 bytes JMP 000000016fff0ae8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000776f2130 8 bytes JMP 000000016fff0ca8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776f29a0 8 bytes JMP 000000016fff0b20
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776f2a20 8 bytes JMP 000000016fff0a08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776f2aa0 8 bytes JMP 000000016fff0a40
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4928] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd5753c0 7 bytes JMP 000007fffd3f0148
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007789f9e0 5 bytes JMP 000000011001d080
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007789fcb0 5 bytes JMP 000000011002fac0
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007789fd64 5 bytes JMP 000000011002dfa0
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007789fdc8 5 bytes JMP 000000011002ec30
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 000000007789fec0 5 bytes JMP 000000011002c270
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007789ffa4 5 bytes JMP 000000011002e640
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778a0004 5 bytes JMP 000000011002ff20
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778a0084 5 bytes JMP 000000011002fce0
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000778a00b4 5 bytes JMP 000000011002e2a0
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000778a03b8 5 bytes JMP 000000011002cc90
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778a0550 5 bytes JMP 000000011002b520
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000778a0694 5 bytes JMP 000000011002f750
.text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6844] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778a088c 5 bytes JMP 000000011002be90
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [4144:4836] 000007fef4409688
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2548:852] 000007feec3cf5f8
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2548:2764] 000007feec56bc60
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001583507748
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001583507748@307701000200 0xF1 0xEC 0x84 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001583507748 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001583507748@307701000200 0xF1 0xEC 0x84 0xCA ...
---- EOF - GMER 2.1 ----
#20
Posted 18 August 2014 - 06:49 AM
Is it time for a fresh install, like we did in the old days? LOL
#21
Posted 18 August 2014 - 07:07 AM
I mean this in the nicest way, but there's certainly a mess on this machine! I don't think it's anything you did as it looks like the Drivers and Hardware are not behaving.
Have you done a CHKDSK or any kind of Disk Cleanup? That's a viable option too as is a driver update.
How to update drivers.
- On your keyboard press the Windows key and R at the same time. A Run box will open.
- Type: devmgmt.msc
- Press OK, now Device Manager should open.
- Expand a heading and highlight any item. Click Action (at the top of the window next to "File"). Press Update Driver Software.
The Hardware Section of the forum might also be your next stop as I hate to tell you to re-install as that is often a very long procedure and they may be able to help you avoid that drastic step. In any case, I think these are your options and I'm ready to help with whichever you choose.
#22
Posted 18 August 2014 - 07:42 AM
The boot drive is an SSD and I thought you were not supposed to do a chkdsk or defrag on them, is it Ok for me to do a chkdsk?
What type of things are you seeing that make it a mess?
#24
Posted 18 August 2014 - 08:33 AM
Ok please tell me what issues you see with my machine so I can ask?
#25
Posted 18 August 2014 - 08:39 AM
Try this wording.
I've been working with the Malware Folks here and they tell me that my issues are not Malware. They suggested I open a topic here and see what you all think. I'm getting frequent crashes and my GMER and other scans show very odd results; perhaps driver or other Hardware or OS issues.
Just copy and paste the paragraph and see what they tell you. If no one responds in 24 hours, let me know (a PM is fine) and I'll ping someone for you.
#26
Posted 20 August 2014 - 06:55 AM
I see that you have posted in the Hardware forum. Is there anything else I can do for you from a malware perspective? If not, is it ok to close this topic?
#27
Posted 20 August 2014 - 08:15 AM
It seems to be acting normal now.
Thank you.
#28
Posted 20 August 2014 - 08:19 AM
It seems to be acting normal now.
Excellent news!
Thank you.
You are very welcome! If you need anything else, you know where we are.
#29
Posted 21 August 2014 - 11:02 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.