GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-01 15:00:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: redpn7s4.exe; Driver: C:\Users\TOMASZ~1\AppData\Local\Temp\awdiypod.sys ---- Kernel code sections - GMER 2.2 ---- PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff880015cb4a0 12 bytes {MOV RAX, 0xfffffa8003c7b2a0; JMP RAX} PAGE C:\Windows\system32\drivers\PCIIDEX.SYS!DllUnload fffff880015eca50 12 bytes {MOV RAX, 0xfffffa800461a2a0; JMP RAX} .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8800785dd8c 12 bytes {MOV RAX, 0xfffffa8007ea82a0; JMP RAX} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000e5900 7 bytes [40, 4C, F3, FF, 01, 56, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000e5908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[956] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077aa9020 4 bytes [C3, 00, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d6d10 11 bytes JMP 000007fefdad0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[624] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6eb4f0 7 bytes JMP 000007fefdad0260 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef837dc88 5 bytes JMP 000007fef83500d8 .text C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef837de10 5 bytes JMP 000007fef8350110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d6d10 11 bytes JMP 000007fefdad0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1960] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6eb4f0 7 bytes JMP 000007fefdad0260 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefda600d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefda60180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefda60110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefda60148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefda601f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefda601b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d6d10 11 bytes JMP 000007fefda60228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2528] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6eb4f0 7 bytes JMP 000007fefda60260 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076931401 2 bytes JMP 7646b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076931419 2 bytes JMP 7646b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076931431 2 bytes JMP 764e9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007693144a 2 bytes CALL 76444885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000769314dd 2 bytes JMP 764e8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769314f5 2 bytes JMP 764e8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007693150d 2 bytes JMP 764e8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076931525 2 bytes JMP 764e8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007693153d 2 bytes JMP 7645fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076931555 2 bytes JMP 76466907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007693156d 2 bytes JMP 764e9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076931585 2 bytes JMP 764e8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007693159d 2 bytes JMP 764e88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000769315b5 2 bytes JMP 7645fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000769315cd 2 bytes JMP 7646b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000769316b2 2 bytes JMP 764e90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2656] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000769316bd 2 bytes JMP 764e8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076441eee 7 bytes JMP 00000000733753f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076445b85 7 bytes JMP 0000000073375a30 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076451409 7 bytes JMP 0000000073375640 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007645ea5d 7 bytes JMP 00000000733753e0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764e90c4 7 bytes JMP 0000000073374850 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764e9149 5 bytes JMP 0000000073374a30 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764e949f 5 bytes JMP 0000000073374860 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077821e4c 5 bytes JMP 0000000073374770 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077821efa 5 bytes JMP 0000000073374680 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077822bdc 5 bytes JMP 0000000067a9c3d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077822e7e 5 bytes JMP 0000000073374370 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c18a29 5 bytes JMP 0000000073373840 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c25645 5 bytes JMP 0000000073374300 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c3f61f 5 bytes JMP 0000000073374360 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c60867 5 bytes JMP 00000000733735c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c77af4 5 bytes JMP 00000000733742d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774de757 5 bytes JMP 0000000073373980 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774de991 5 bytes JMP 0000000073373990 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074311003 2 bytes [31, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000074311017 2 bytes [31, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077095e75 5 bytes JMP 0000000073373800 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3976] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770c9cbb 5 bytes JMP 00000000733736e0 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076441eee 7 bytes JMP 00000000733753f0 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076445b85 7 bytes JMP 0000000073375a30 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076451409 7 bytes JMP 0000000073375640 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007645ea5d 7 bytes JMP 00000000733753e0 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000764e90c4 7 bytes JMP 0000000073374850 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000764e9149 5 bytes JMP 0000000073374a30 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000764e949f 5 bytes JMP 0000000073374860 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077821e4c 5 bytes JMP 0000000073374770 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077821efa 5 bytes JMP 0000000073374680 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077822bdc 5 bytes JMP 0000000073374a40 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077822e7e 5 bytes JMP 0000000073374370 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c18a29 5 bytes JMP 0000000073373840 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c25645 5 bytes JMP 0000000073374300 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c3f61f 5 bytes JMP 0000000073374360 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c60867 5 bytes JMP 00000000733735c0 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c77af4 5 bytes JMP 00000000733742d0 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774de757 5 bytes JMP 0000000073373980 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774de991 5 bytes JMP 0000000073373990 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077095e75 5 bytes JMP 0000000073373800 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770c9cbb 5 bytes JMP 00000000733736e0 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074311003 2 bytes [31, 74] .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000074311017 2 bytes [31, 74] .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076931401 2 bytes JMP 7646b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076931419 2 bytes JMP 7646b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076931431 2 bytes JMP 764e9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007693144a 2 bytes CALL 76444885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000769314dd 2 bytes JMP 764e8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769314f5 2 bytes JMP 764e8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007693150d 2 bytes JMP 764e8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076931525 2 bytes JMP 764e8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007693153d 2 bytes JMP 7645fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076931555 2 bytes JMP 76466907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007693156d 2 bytes JMP 764e9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076931585 2 bytes JMP 764e8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007693159d 2 bytes JMP 764e88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000769315b5 2 bytes JMP 7645fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000769315cd 2 bytes JMP 7646b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000769316b2 2 bytes JMP 764e90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe[4512] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000769316bd 2 bytes JMP 764e8891 C:\Windows\syswow64\KERNEL32.dll .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefda600d8 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefda60180 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefda60110 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefda60148 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefda601f0 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefda601b8 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d6d10 11 bytes JMP 000007fefda60228 .text C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3216] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6eb4f0 7 bytes JMP 000007fefda60260 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076441eee 7 bytes JMP 00000000733753f0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076445b85 7 bytes JMP 0000000073375a30 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076451409 7 bytes JMP 0000000073375640 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007645ea5d 7 bytes JMP 00000000733753e0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764e90c4 7 bytes JMP 0000000073374850 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764e9149 5 bytes JMP 0000000073374a30 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764e949f 5 bytes JMP 0000000073374860 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077821e4c 5 bytes JMP 0000000073374770 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077821efa 5 bytes JMP 0000000073374680 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077822bdc 5 bytes JMP 0000000073374a40 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077822e7e 5 bytes JMP 0000000073374370 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c18a29 5 bytes JMP 0000000073373840 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c25645 5 bytes JMP 0000000073374300 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c3f61f 5 bytes JMP 0000000073374360 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c60867 5 bytes JMP 00000000733735c0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c77af4 5 bytes JMP 00000000733742d0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774de757 5 bytes JMP 0000000073373980 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774de991 5 bytes JMP 0000000073373990 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076931401 2 bytes JMP 7646b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076931419 2 bytes JMP 7646b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076931431 2 bytes JMP 764e9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007693144a 2 bytes CALL 76444885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769314dd 2 bytes JMP 764e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769314f5 2 bytes JMP 764e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007693150d 2 bytes JMP 764e8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076931525 2 bytes JMP 764e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007693153d 2 bytes JMP 7645fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076931555 2 bytes JMP 76466907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007693156d 2 bytes JMP 764e9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076931585 2 bytes JMP 764e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007693159d 2 bytes JMP 764e88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769315b5 2 bytes JMP 7645fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769315cd 2 bytes JMP 7646b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769316b2 2 bytes JMP 764e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769316bd 2 bytes JMP 764e8891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077095e75 5 bytes JMP 0000000073373800 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[1404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770c9cbb 5 bytes JMP 00000000733736e0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076441eee 7 bytes JMP 00000000733753f0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076445b85 7 bytes JMP 0000000073375a30 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076451409 7 bytes JMP 0000000073375640 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007645ea5d 7 bytes JMP 00000000733753e0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764e90c4 7 bytes JMP 0000000073374850 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764e9149 5 bytes JMP 0000000073374a30 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764e949f 5 bytes JMP 0000000073374860 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077821e4c 5 bytes JMP 0000000073374770 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077821efa 5 bytes JMP 0000000073374680 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077822bdc 5 bytes JMP 0000000073374a40 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077822e7e 5 bytes JMP 0000000073374370 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c18a29 5 bytes JMP 0000000073373840 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c25645 5 bytes JMP 0000000073374300 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c3f61f 5 bytes JMP 0000000073374360 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c60867 5 bytes JMP 00000000733735c0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c77af4 5 bytes JMP 00000000733742d0 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774de757 5 bytes JMP 0000000073373980 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774de991 5 bytes JMP 0000000073373990 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076931401 2 bytes JMP 7646b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076931419 2 bytes JMP 7646b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076931431 2 bytes JMP 764e9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007693144a 2 bytes CALL 76444885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769314dd 2 bytes JMP 764e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769314f5 2 bytes JMP 764e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007693150d 2 bytes JMP 764e8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076931525 2 bytes JMP 764e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007693153d 2 bytes JMP 7645fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076931555 2 bytes JMP 76466907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007693156d 2 bytes JMP 764e9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076931585 2 bytes JMP 764e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007693159d 2 bytes JMP 764e88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769315b5 2 bytes JMP 7645fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769315cd 2 bytes JMP 7646b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769316b2 2 bytes JMP 764e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769316bd 2 bytes JMP 764e8891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077095e75 5 bytes JMP 0000000073373800 .text C:\Users\Tomasz J\AppData\Local\Akamai\netsession_win.exe[5296] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770c9cbb 5 bytes JMP 00000000733736e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfbfb0 14 bytes {MOV RAX, 0x7fefa5362b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077996c20 5 bytes JMP 000000006fff02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000000007799a510 5 bytes JMP 000000006fff0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000779acd04 9 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2616] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00000000779e0744 5 bytes JMP 000000006fff0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfbe00 7 bytes [48, B8, 60, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077bfbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077bfbf70 7 bytes [48, B8, E0, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077bfbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfbf90 7 bytes [48, B8, D0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077bfbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077bfbfa0 7 bytes [48, B8, C0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077bfbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfbfb0 7 bytes [48, B8, 40, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077bfbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077bfbfd0 7 bytes [48, B8, B0, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077bfbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077bfc020 7 bytes [48, B8, 50, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077bfc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077bfc030 7 bytes [48, B8, 20, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077bfc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bfc060 7 bytes [48, B8, 40, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077bfc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077bfc100 7 bytes [48, B8, 80, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077bfc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bfc280 7 bytes [48, B8, C0, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077bfc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077bfccf0 7 bytes [48, B8, 00, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077bfccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfcd40 7 bytes [48, B8, A0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077bfcd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077bfce90 7 bytes [48, B8, A0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077bfce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfbe00 7 bytes [48, B8, 60, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077bfbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077bfbf70 7 bytes [48, B8, E0, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077bfbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfbf90 7 bytes [48, B8, D0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077bfbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077bfbfa0 7 bytes [48, B8, C0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077bfbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfbfb0 7 bytes [48, B8, 40, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077bfbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077bfbfd0 7 bytes [48, B8, B0, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077bfbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077bfc020 7 bytes [48, B8, 50, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077bfc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077bfc030 7 bytes [48, B8, 20, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077bfc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bfc060 7 bytes [48, B8, 40, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077bfc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077bfc100 7 bytes [48, B8, 80, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077bfc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bfc280 7 bytes [48, B8, C0, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077bfc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077bfccf0 7 bytes [48, B8, 00, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077bfccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfcd40 7 bytes [48, B8, A0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077bfcd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077bfce90 7 bytes [48, B8, A0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077bfce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfbe00 7 bytes [48, B8, 60, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077bfbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077bfbf70 7 bytes [48, B8, E0, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077bfbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfbf90 7 bytes [48, B8, D0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077bfbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077bfbfa0 7 bytes [48, B8, C0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077bfbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfbfb0 7 bytes [48, B8, 40, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077bfbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077bfbfd0 7 bytes [48, B8, B0, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077bfbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077bfc020 7 bytes [48, B8, 50, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077bfc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077bfc030 7 bytes [48, B8, 20, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077bfc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bfc060 7 bytes [48, B8, 40, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077bfc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077bfc100 7 bytes [48, B8, 80, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077bfc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bfc280 7 bytes [48, B8, C0, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077bfc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077bfccf0 7 bytes [48, B8, 00, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077bfccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfcd40 7 bytes [48, B8, A0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077bfcd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077bfce90 7 bytes [48, B8, A0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077bfce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfbe00 7 bytes [48, B8, 60, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077bfbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077bfbf70 7 bytes [48, B8, E0, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077bfbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfbf90 7 bytes [48, B8, D0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077bfbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077bfbfa0 7 bytes [48, B8, C0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077bfbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfbfb0 7 bytes [48, B8, 40, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077bfbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077bfbfd0 7 bytes [48, B8, B0, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077bfbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077bfc020 7 bytes [48, B8, 50, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077bfc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077bfc030 7 bytes [48, B8, 20, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077bfc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bfc060 7 bytes [48, B8, 40, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077bfc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077bfc100 7 bytes [48, B8, 80, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077bfc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bfc280 7 bytes [48, B8, C0, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077bfc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077bfccf0 7 bytes [48, B8, 00, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077bfccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfcd40 7 bytes [48, B8, A0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077bfcd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077bfce90 7 bytes [48, B8, A0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077bfce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077bfbe00 7 bytes [48, B8, 60, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 0000000077bfbe08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077bfbf70 7 bytes [48, B8, E0, F9, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077bfbf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077bfbf90 7 bytes [48, B8, D0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077bfbf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077bfbfa0 7 bytes [48, B8, C0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077bfbfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077bfbfb0 7 bytes [48, B8, 40, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077bfbfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077bfbfd0 7 bytes [48, B8, B0, F8, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077bfbfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077bfc020 7 bytes [48, B8, 50, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077bfc028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077bfc030 7 bytes [48, B8, 20, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077bfc038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bfc060 7 bytes [48, B8, 40, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077bfc068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077bfc100 7 bytes [48, B8, 80, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 0000000077bfc108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bfc280 7 bytes [48, B8, C0, FA, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077bfc288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077bfccf0 7 bytes [48, B8, 00, FE, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 0000000077bfccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077bfcd40 7 bytes [48, B8, A0, FD, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077bfcd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077bfce90 7 bytes [48, B8, A0, FB, 4D, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077bfce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076441eee 7 bytes JMP 00000000733753f0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076445b85 7 bytes JMP 0000000073375a30 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076451409 7 bytes JMP 0000000073375640 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007645ea5d 7 bytes JMP 00000000733753e0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764e90c4 7 bytes JMP 0000000073374850 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764e9149 5 bytes JMP 0000000073374a30 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764e949f 5 bytes JMP 0000000073374860 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077821e4c 5 bytes JMP 0000000073374770 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077821efa 5 bytes JMP 0000000073374680 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077822bdc 5 bytes JMP 0000000073374a40 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077822e7e 5 bytes JMP 0000000073374370 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c25645 5 bytes JMP 0000000073374300 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c3f61f 5 bytes JMP 0000000073374360 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c60867 5 bytes JMP 00000000733735c0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c77af4 5 bytes JMP 00000000733742d0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774de757 5 bytes JMP 0000000073373980 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774de991 5 bytes JMP 0000000073373990 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076931401 2 bytes JMP 7646b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076931419 2 bytes JMP 7646b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076931431 2 bytes JMP 764e9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007693144a 2 bytes CALL 76444885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769314dd 2 bytes JMP 764e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769314f5 2 bytes JMP 764e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007693150d 2 bytes JMP 764e8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076931525 2 bytes JMP 764e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007693153d 2 bytes JMP 7645fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076931555 2 bytes JMP 76466907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007693156d 2 bytes JMP 764e9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076931585 2 bytes JMP 764e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007693159d 2 bytes JMP 764e88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769315b5 2 bytes JMP 7645fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769315cd 2 bytes JMP 7646b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769316b2 2 bytes JMP 764e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769316bd 2 bytes JMP 764e8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077abffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b09710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b28ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdae32f0 7 bytes JMP 000007fefdad00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdaeaa60 5 bytes JMP 000007fefdad0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdaeac00 5 bytes JMP 000007fefdad0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdaf9ac0 5 bytes JMP 000007fefdad0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe098840 8 bytes JMP 000007fefdad01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe09b9f0 8 bytes JMP 000007fefdad01b8 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076441eee 7 bytes JMP 00000000733753f0 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076445b85 7 bytes JMP 0000000073375a30 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076451409 7 bytes JMP 0000000073375640 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007645ea5d 7 bytes JMP 00000000733753e0 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764e90c4 7 bytes JMP 0000000073374850 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764e9149 5 bytes JMP 0000000073374a30 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764e949f 5 bytes JMP 0000000073374860 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077821e4c 5 bytes JMP 0000000073374770 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077821efa 5 bytes JMP 0000000073374680 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077822bdc 5 bytes JMP 0000000073374a40 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077822e7e 5 bytes JMP 0000000073374370 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774de757 5 bytes JMP 0000000073373980 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774de991 5 bytes JMP 0000000073373990 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c25645 5 bytes JMP 0000000073374300 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c3f61f 5 bytes JMP 0000000073374360 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c60867 5 bytes JMP 00000000733735c0 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c77af4 5 bytes JMP 00000000733742d0 .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074311003 2 bytes [31, 74] .text C:\Users\Tomasz J\Desktop\redpn7s4.exe[5496] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 0000000074311017 2 bytes [31, 74] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106ef1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800106ecc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800106f69c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800106fa98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106f8f4] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortStallExecution] [ffffb0a015ff5024] [unknown section] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [fffffa60e8cb8b48] [unknown section] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [fff9c3e8d2330000] [unknown section] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [fffa47e8cb8b48ff] [unknown section] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [?] IAT C:\Windows\System32\Drivers\ad3xoqib.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4672] @ C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[KERNEL32.dll!LoadLibraryW] [7fef4a5106c] C:\Windows\KMS-R@1nHook.dll IAT C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4672] @ C:\Windows\system32\ADVAPI32.dll[RPCRT4.dll!RpcStringBindingComposeW] [7fef4a51000] C:\Windows\KMS-R@1nHook.dll IAT C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4672] @ C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL[RPCRT4.dll!RpcStringBindingComposeW] [7fef4a51000] C:\Windows\KMS-R@1nHook.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedae32c80] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedae324a0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedae32c60] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedae32ed0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed9f727c0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fedae32c80] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedae324a0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedae32c60] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fedae32ed0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5628] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed9f727c0] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\chrome_child.dll ---- Devices - GMER 2.2 ---- Device \Driver\ad3xoqib \Device\Scsi\ad3xoqib1Port1Path0Target0Lun0 fffffa80084362c0 Device \Driver\ad3xoqib \Device\Scsi\ad3xoqib1 fffffa80084362c0 Device \FileSystem\Ntfs \Ntfs fffffa800461e2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8007f222c0 Device \Driver\cdrom \Device\CdRom0 fffffa80078422c0 Device \Driver\dtsoftbus01 \Device\00000080 fffffa800792c2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80078422c0 Device \Driver\cdrom \Device\CdRom2 fffffa80078422c0 Device \Driver\cdrom \Device\CdRom3 fffffa80078422c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6D856252-2BDC-4F45-ABF6-36D06A984A2A} fffffa8007beb2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8007f222c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800792c2c0 Device \Driver\dtsoftbus01 \Device\00000081 fffffa800792c2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8007f222c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{26014E5F-0B79-4971-9D61-8D07DEB94415} fffffa8007beb2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007beb2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8007f222c0 Device \Driver\ad3xoqib \Device\ScsiPort1 fffffa80084362c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{61899AF9-EB40-422E-9A4A-0B50FBB1D8A3} fffffa8007beb2c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\ad3xoqib.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2013-08-13 13:29:04) fffff88008397000-fffff880083e8000 (331776 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423ff5cca Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423ff5cca@00037a83a3a3 0xD5 0xEE 0x88 0xD7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423ff5cca@00269e6abf93 0xEB 0x42 0xF1 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423ff5cca@78f8828b0d77 0x9F 0x6C 0xCC 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423ff5cca@0ce0e475e510 0x28 0xD2 0x5A 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423ff5cca@3021b8919977 0x26 0x97 0x89 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE1 0x9E 0x9A 0x26 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x08 0xD6 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x31 0x9C 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0x9A 0xDC 0xEC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423ff5cca (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423ff5cca@00037a83a3a3 0xD5 0xEE 0x88 0xD7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423ff5cca@00269e6abf93 0xEB 0x42 0xF1 0xF9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423ff5cca@78f8828b0d77 0x9F 0x6C 0xCC 0x49 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423ff5cca@0ce0e475e510 0x28 0xD2 0x5A 0x15 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423ff5cca@3021b8919977 0x26 0x97 0x89 0xDF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE1 0x9E 0x9A 0x26 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x08 0xD6 0x70 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x36 0x31 0x9C 0x51 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x15 0x9A 0xDC 0xEC ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Dołącz podpisy cyfrowe.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Dołącz podpisy cyfrowe.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Menedżer odnośników.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Menedżer odnośników.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Narzędzie transferu licencji \x2014 AutoCAD 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Narzędzie transferu licencji \x2014 AutoCAD 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Przywróć ustawienia domyślne.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Przywróć ustawienia domyślne.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Wsadowy kontroler standardów.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Wsadowy kontroler standardów.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Migracja ustawień niestandardowych\Eksportuj ustawienia programu AutoCAD 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Migracja ustawień niestandardowych\Eksportuj ustawienia programu AutoCAD 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Migracja ustawień niestandardowych\Importuj ustawienia programu AutoCAD 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Migracja ustawień niestandardowych\Importuj ustawienia programu AutoCAD 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Tomasz J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Migracja ustawień niestandardowych\Migracja z poprzedniej wersji.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2015 \x2014 Polski (Polish)\Migracja ustawień niestandardowych\Migracja z poprzedniej wersji.lnk 1 ---- EOF - GMER 2.2 ----