GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-24 15:56:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 CT250BX100SSD1 rev.MU02 232,89GB Running: c948uuig.exe; Driver: C:\Users\anonim\AppData\Local\Temp\uxldapow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f5900 7 bytes [80, 4F, F3, FF, 01, 5B, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000f5908 3 bytes [C0, 06, 02] .text ... * 114 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 464 fffff960001be1e0 15 bytes [48, B8, C0, D3, 23, 04, 80, ...] ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 03] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 03, 00] .text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 0000000076f2ba0d 14 bytes [B8, 38, 7B, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 0000000076f2c63d 18 bytes [B8, 74, 76, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000076f30b8d 12 bytes [B8, 70, 81, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!PeekMessageA + 1 0000000076f339c1 14 bytes [B8, A8, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 364 0000000076f347ec 15 bytes [48, B8, 4C, 80, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000076f34fb1 18 bytes [B8, 74, 77, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000076f36101 14 bytes [B8, 08, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000076f38ff5 14 bytes [B8, 00, 11, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetMessageW 0000000076f39e74 12 bytes [48, B8, 58, 10, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 0000000076f48959 14 bytes [B8, C4, AB, 03, 00, 00, 00, ...] 
.text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076f489c0 6 bytes [48, B8, 74, 78, 03, 00] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 0000000076f489c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076f4afb0 6 bytes [48, B8, 38, 75, 03, 00] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetRawInputData + 8 0000000076f4afb8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!EndTask + 1 0000000076f71639 17 bytes [B8, 34, 22, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[548] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 0000000076f850c1 12 bytes [B8, 0C, 76, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 03] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 03, 00] .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 0000000076f2ba0d 14 bytes [B8, 38, 7B, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 0000000076f2c63d 18 bytes [B8, 74, 76, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000076f30b8d 12 bytes [B8, 70, 81, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!PeekMessageA + 1 0000000076f339c1 14 bytes [B8, A8, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 364 0000000076f347ec 15 bytes [48, B8, 4C, 80, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000076f34fb1 18 bytes [B8, 74, 77, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000076f36101 14 bytes [B8, 08, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000076f38ff5 14 bytes [B8, 00, 11, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetMessageW 0000000076f39e74 12 bytes [48, B8, 58, 10, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 0000000076f48959 14 bytes [B8, C4, AB, 03, 00, 00, 00, ...] 
.text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076f489c0 6 bytes [48, B8, 74, 78, 03, 00] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 0000000076f489c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076f4afb0 6 bytes [48, B8, 38, 75, 03, 00] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetRawInputData + 8 0000000076f4afb8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!EndTask + 1 0000000076f71639 17 bytes [B8, 34, 22, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[656] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 0000000076f850c1 12 bytes [B8, 0C, 76, 03, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 
000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 11 bytes JMP 000007fefd280228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 05] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 05, 00] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 8 bytes [48, B8, E4, 93, 05, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefeaf6d1a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2144] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 05, 00, 00, ...] 
.text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8354da4 7 bytes JMP 000007fef83400d8 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8379af4 7 bytes JMP 000007fef8340110 .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 06] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Windows\Explorer.EXE[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 8 bytes [48, B8, E4, 93, 06, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefeaf6d1a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 06, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\samcli.dll!NetUserSetInfo + 1 000007fef96068bd 1 byte [B8] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\samcli.dll!NetUserSetInfo + 3 000007fef96068bf 12 bytes [26, 06, 00, 00, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[2548] C:\Windows\system32\samcli.dll!NetUserChangePassword 000007fef9607e18 15 bytes [48, B8, 7C, 27, 06, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 16, 00, 00, 00, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 11 bytes JMP 000007fefd280228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2704] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 16, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] 
C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 11 bytes JMP 000007fefd280228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2716] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 16, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 16, 00, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 16, 00, 00, 00, ...] 
.text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 16] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 16, 00, 00, 00, ...] 
.text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 11 bytes JMP 000007fefd280228 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Windows\System32\igfxpers.exe[2728] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 16, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 16] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 8 bytes [48, B8, E4, 93, 16, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefeaf6d1a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[2804] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 16, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 11 bytes JMP 000007fefd280228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2856] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 17, 00, 00, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007721f9f1 3 bytes [0B, 1D, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007721f9f5 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007721fc61 3 bytes [45, 1D, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007721fc65 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077220049 3 bytes [88, 11, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007722004d 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000772200c5 3 bytes [08, 1A, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772200c9 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077220399 3 bytes [68, 1C, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007722039d 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000772203c9 3 bytes [96, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000772203cd 2 
bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000772203e1 3 bytes [E0, 1B, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000772203e5 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077220561 3 bytes [34, 1D, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077220565 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000772206a5 3 bytes [E2, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000772206a9 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000772218d1 3 bytes [BC, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000772218d5 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007723d2f6 7 bytes [B8, F8, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007723eb2a 8 bytes [B8, 2A, 85, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ff1eee 7 bytes JMP 0000000071273c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ff5b85 7 bytes JMP 0000000071274290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076001409 7 bytes JMP 0000000071273ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007600ea5d 7 bytes JMP 0000000071273c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760990c4 7 bytes JMP 00000000712736c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076099149 5 bytes JMP 0000000071273770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007609949f 5 bytes JMP 00000000712736d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075fa1e4c 5 bytes JMP 0000000071273680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075fa1efa 5 bytes JMP 0000000071273640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075fa2bdc 5 bytes JMP 0000000000dc36f6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075fa2e7e 5 bytes JMP 0000000071273480 .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ab78e2 8 bytes [B8, EB, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ab7bd3 8 bytes [B8, A3, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ab8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ab8a29 5 bytes JMP 0000000071272b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ab8b52 8 bytes [B8, 54, 5C, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075ac05d2 11 bytes [B8, 7E, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075ac2797 11 bytes [B8, D9, 78, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075ac4713 7 bytes [B8, 2C, 78, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075ac47e6 3 bytes [86, 79, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075ac47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ac5645 5 bytes JMP 0000000071273400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075ac7044 11 bytes [B8, 33, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075ac71e0 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075ac7355 12 bytes [B8, 27, 7A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075ade67f 8 bytes [B8, C5, 74, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075adf631 5 bytes JMP 0000000071273470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b00867 5 bytes JMP 0000000071272960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075b08208 11 bytes [B8, 38, 57, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b17af4 5 bytes JMP 00000000712733e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075b18408 3 bytes [9B, 56, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075b1840c 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075b1a887 3 bytes [4F, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075b1a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758de74f 5 bytes JMP 0000000071272c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758de989 5 bytes JMP 0000000071272c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075955e75 5 bytes JMP 0000000071272ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007597546d 10 bytes [B8, BE, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075989cbb 5 bytes JMP 000000000005897a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075989cfe 9 bytes [B8, 98, 6A, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3000] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000075dc3a1d 7 bytes [B8, F2, 74, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007721f9f1 3 bytes [0B, 1D, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007721f9f5 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007721fc61 3 bytes [45, 1D, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007721fc65 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077220049 3 bytes [88, 11, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007722004d 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000772200c5 3 bytes [08, 1A, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772200c9 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077220399 3 bytes 
[68, 1C, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007722039d 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000772203c9 3 bytes [96, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000772203cd 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000772203e1 3 bytes [E0, 1B, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000772203e5 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077220561 3 bytes [34, 1D, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077220565 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000772206a5 3 bytes [E2, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000772206a9 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] 
C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000772218d1 3 bytes [BC, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000772218d5 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007723d2f6 7 bytes [B8, F8, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007723eb2a 8 bytes [B8, 2A, 85, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ff1eee 7 bytes JMP 0000000071273c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ff5b85 7 bytes JMP 0000000071274290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076001409 7 bytes JMP 0000000071273ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007600ea5d 7 bytes JMP 0000000071273c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760990c4 7 bytes JMP 00000000712736c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076099149 5 bytes JMP 
0000000071273770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007609949f 5 bytes JMP 00000000712736d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075fa1e4c 5 bytes JMP 0000000071273680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075fa1efa 5 bytes JMP 0000000071273640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075fa2bdc 5 bytes JMP 0000000071273780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075fa2e7e 5 bytes JMP 0000000071273480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758de74f 5 bytes JMP 0000000071272c60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758de989 5 bytes JMP 0000000071272c70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ab78e2 8 bytes [B8, EB, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ab7bd3 8 bytes [B8, A3, 1D, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ab8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ab8a29 5 bytes JMP 0000000071272b20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ab8b52 8 bytes [B8, 54, 5C, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075ac05d2 11 bytes [B8, 7E, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075ac2797 11 bytes [B8, D9, 78, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075ac4713 7 bytes [B8, 2C, 78, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075ac47e6 3 bytes [86, 79, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075ac47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ac5645 5 bytes JMP 0000000071273400 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075ac7044 11 bytes [B8, 33, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075ac71e0 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075ac7355 12 bytes [B8, 27, 7A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075ade67f 8 bytes [B8, C5, 74, 05, 00, 50, C3, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075adf631 5 bytes JMP 0000000071273470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b00867 5 bytes JMP 0000000071272960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075b08208 11 bytes [B8, 38, 57, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b17af4 5 bytes JMP 00000000712733e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075b18408 3 bytes [9B, 56, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075b1840c 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075b1a887 3 bytes [4F, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075b1a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075955e75 5 bytes JMP 0000000071272ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007597546d 10 bytes [B8, BE, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075989cbb 5 bytes JMP 000000000005897a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075989cfe 9 bytes [B8, 98, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000075dc3a1d 7 bytes [B8, F2, 74, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000712a1003 2 bytes [2A, 71] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2316] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000712a1016 2 bytes [2A, 71] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 
bytes JMP 000007fefd2801f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 06, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 18 bytes JMP 000007fefd280228 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[2172] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files 
(x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 06, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 18 bytes JMP 000007fefd280228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076e19020 13 bytes {MOV R11, 0x7fee814e584; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000076f26c10 5 bytes JMP 000000006fff02d0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f2a510 5 bytes JMP 000000006fff0298 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 0000000076f2ba0d 14 bytes [B8, 38, 7B, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 0000000076f2c63d 18 bytes [B8, 74, 76, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f307bc 7 bytes JMP 000000006fff0340 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000076f30b8d 12 bytes [B8, 70, 81, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!PeekMessageA + 1 0000000076f339c1 14 bytes [B8, A8, 10, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 364 0000000076f347ec 15 bytes [48, B8, 4C, 80, 06, 00, 00, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000076f34fb1 18 bytes [B8, 74, 77, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000076f36101 14 bytes [B8, 08, 10, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000076f38ff5 14 bytes [B8, 00, 11, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetMessageW 0000000076f39e74 12 bytes [48, B8, 58, 10, 06, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 0000000076f3cd04 9 bytes JMP 000000006fff0260 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 0000000076f48959 14 bytes [B8, C4, AB, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076f489c0 6 bytes [48, B8, 74, 78, 06, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 0000000076f489c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076f4afb0 6 bytes [48, B8, 38, 75, 06, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetRawInputData + 8 0000000076f4afb8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000076f70724 5 bytes JMP 000000006fff0308 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!EndTask + 1 0000000076f71639 17 bytes [B8, 34, 22, 06, 00, 00, 00, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 0000000076f850c1 12 bytes [B8, 0C, 76, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 06, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 18 bytes JMP 000007fefd280228 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 06, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\samcli.dll!NetUserSetInfo + 1 000007fef96068bd 1 byte [B8] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\samcli.dll!NetUserSetInfo + 3 000007fef96068bf 12 bytes [26, 06, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[3792] C:\Windows\system32\samcli.dll!NetUserChangePassword 000007fef9607e18 15 bytes [48, B8, 7C, 27, 06, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 07, 00, 00, 00, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 07, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007706be00 7 bytes [48, B8, 30, 93, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007706be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007706bf70 7 bytes [48, B8, 88, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007706bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007706bf90 7 bytes [48, B8, 04, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007706bf98 7 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007706bfa0 7 bytes [48, B8, 04, 93, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007706bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 
+ 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007706c020 7 bytes [48, B8, AC, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007706c028 7 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007706c030 7 bytes [48, B8, 40, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007706c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007706c060 7 bytes [48, B8, 94, 91, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007706c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007706c100 7 bytes [48, B8, DC, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007706c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 6 bytes [00, 00, 50, C3, 53, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 07] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007706ccf0 7 bytes [48, B8, 28, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007706ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007706cd40 7 bytes [48, B8, 64, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007706cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007706ce90 7 bytes [48, B8, F0, 92, 3F, 3F, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007706ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 07, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076e0a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076e13f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076e2ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e3f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e69c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e79710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e98ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 
000007fefd2801b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 07, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 07, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 18 bytes JMP 000007fefd280228 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 07, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\samcli.dll!NetUserSetInfo + 1 000007fef96068bd 1 byte [B8] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\samcli.dll!NetUserSetInfo + 3 000007fef96068bf 12 bytes [26, 07, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[1612] C:\Windows\system32\samcli.dll!NetUserChangePassword 000007fef9607e18 15 bytes [48, B8, 7C, 27, 07, 00, 00, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077042281 12 bytes [B8, 00, 75, 0F, 00, 00, 00, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077046131 14 bytes [B8, 10, 74, 0F, 00, 00, 00, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007706be20 5 bytes [48, B8, A4, 2A, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007706be28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007706bfb0 5 bytes [48, B8, 18, 2C, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007706bfb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007706c230 5 bytes [48, B8, 78, 13, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007706c238 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007706c280 5 bytes [48, B8, 9C, 24, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007706c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007706c450 5 bytes [48, B8, 54, 29, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007706c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007706c470 5 bytes [48, B8, AC, 22, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007706c478 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007706c488 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007706c580 5 bytes [48, B8, 3C, 2B, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007706c588 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] 
.text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007706c650 5 bytes [48, B8, 0C, 24, 0F] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007706c658 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007706d220 6 bytes [48, B8, 68, 23, 0F, 00] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007706d228 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2d32f0 7 bytes JMP 000007fefd2800d8 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2daa60 5 bytes JMP 000007fefd280180 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2dac00 5 bytes JMP 000007fefd280110 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2e9ac0 5 bytes JMP 000007fefd280148 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefeadd871 14 bytes [B8, 74, 94, 0F, 00, 00, 00, ...] .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeaf6d10 11 bytes JMP 000007fefd280228 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefeb024f9 14 bytes [B8, E4, 94, 0F, 00, 00, 00, ...] 
.text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeb0b4f0 7 bytes JMP 000007fefd280260 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd828830 8 bytes JMP 000007fefd2801f0 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd82b9e0 8 bytes JMP 000007fefd2801b8 .text C:\Windows\system32\wuauclt.exe[3572] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff051c80 14 bytes [48, B8, 00, AC, 0F, 00, 00, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007721f9f1 3 bytes [0B, 1D, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007721f9f5 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007721fc61 3 bytes [45, 1D, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007721fc65 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077220049 3 bytes [88, 11, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007722004d 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000772200c5 3 bytes [08, 1A, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772200c9 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077220399 3 bytes [68, 1C, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007722039d 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] 
C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000772203c9 3 bytes [96, 19, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000772203cd 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000772203e1 3 bytes [E0, 1B, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000772203e5 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077220561 3 bytes [34, 1D, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077220565 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000772206a5 3 bytes [E2, 19, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000772206a9 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000772218d1 3 bytes [BC, 19, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000772218d5 2 bytes [50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007723d2f6 7 bytes [B8, F8, 77, 19, 00, 50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007723eb2a 8 bytes [B8, 2A, 85, 19, 00, 50, C3, ...] 
.text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075ff1eee 7 bytes JMP 0000000071273c50 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075ff5b85 7 bytes JMP 0000000071274290 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076001409 7 bytes JMP 0000000071273ea0 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007600ea5d 7 bytes JMP 0000000071273c40 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760990c4 7 bytes JMP 00000000712736c0 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076099149 5 bytes JMP 0000000071273770 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007609949f 5 bytes JMP 00000000712736d0 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075fa1e4c 5 bytes JMP 0000000071273680 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075fa1efa 5 bytes JMP 0000000071273640 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075fa2bdc 5 bytes JMP 0000000071273780 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075fa2e7e 5 bytes JMP 0000000071273480 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758de74f 5 bytes JMP 0000000071272c60 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758de989 5 bytes JMP 0000000071272c70 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] 
C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ab78e2 8 bytes [B8, EB, 1D, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ab7bd3 8 bytes [B8, A3, 1D, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ab8332 7 bytes [B8, DD, 18, 19, 00, 50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ab8b52 8 bytes [B8, 54, 5C, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075ac05d2 11 bytes [B8, 7E, 1E, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075ac2797 11 bytes [B8, D9, 78, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075ac4713 7 bytes [B8, 2C, 78, 19, 00, 50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075ac47e6 3 bytes [86, 79, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075ac47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ac5645 5 bytes JMP 0000000071273400 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075ac7044 11 bytes [B8, 33, 1E, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075ac71e0 7 bytes [B8, B7, 18, 19, 00, 50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075ac7355 12 bytes [B8, 27, 7A, 19, 00, 50, C3, ...] 
.text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075ade67f 8 bytes [B8, C5, 74, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075adf631 5 bytes JMP 0000000071273470 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b00867 5 bytes JMP 0000000071272960 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075b08208 11 bytes [B8, 38, 57, 19, 00, 50, C3, ...] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b17af4 5 bytes JMP 00000000712733e0 .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075b18408 3 bytes [9B, 56, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075b1840c 5 bytes [50, C3, 90, 90, 90] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075b1a887 3 bytes [4F, 19, 19] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075b1a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000075dc3a1d 7 bytes [B8, F2, 74, 19, 00, 50, C3] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000712a1003 2 bytes [2A, 71] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000712a1016 2 bytes [2A, 71] .text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007597546d 10 bytes [B8, BE, 6A, 19, 00, 50, C3, ...] 
.text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075989cbb 8 bytes [B8, 7A, 89, 19, 00, 50, C3, ...]
.text C:\Users\anonim\Desktop\c948uuig.exe[1456] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075989cfe 9 bytes [B8, 98, 6A, 19, 00, 50, C3, ...]

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IofCompleteRequest] [fffff880042446c0] \??\C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [.text]

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----