GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-23 22:08:41
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MQ01ABD050 rev.AX002J 465,76GB
Running: rmq2tm48.exe; Driver: C:\Users\ciel$ki\AppData\Local\Temp\pxldypoc.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000776ca3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000776d3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000776effd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000776ff3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077729c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077739710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077758ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1096]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  00000000757b1eee 7 bytes JMP 00000000720953f0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  00000000757b5b85 7 bytes JMP 0000000072095a30
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000757c1409 7 bytes JMP 0000000072095640
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000757cea5d 7 bytes JMP 00000000720953e0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000758590c4 7 bytes JMP 0000000072094850
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075859149 5 bytes JMP 0000000072094a30
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007585949f 5 bytes JMP 0000000072094860
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000076f91e4c 5 bytes JMP 0000000072094770
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000076f91efa 5 bytes JMP 0000000072094680
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000076f92bdc 5 bytes JMP 0000000072094a40
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000076f92e7e 5 bytes JMP 0000000072094370
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000075968a29 5 bytes JMP 0000000072093840
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000075975645 5 bytes JMP 0000000072094300
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007598f61f 5 bytes JMP 0000000072094360
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000759b0867 5 bytes JMP 00000000720935c0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000759c7af4 5 bytes JMP 00000000720942d0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  00000000758de743 5 bytes JMP 0000000072093980
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  00000000758de97d 5 bytes JMP 0000000072093990
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000075b05dd5 5 bytes JMP 0000000072093800
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000075b39c5b 5 bytes JMP 00000000720936e0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3  00000000720d1003 2 bytes [0D, 72]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1708]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23  00000000720d1017 2 bytes [0D, 72]
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory  000007fef944dc88 5 bytes JMP 000007fef92400d8
.text  C:\Windows\system32\Dwm.exe[1764]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory1  000007fef944de10 5 bytes JMP 000007fef9240110
.text  C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1600]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000757b8769 5 bytes [33, C0, C2, 04, 00]
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Windows\system32\taskeng.exe[2640]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Windows\system32\taskeng.exe[2740]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000776ca3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000776d3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000776effd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000776ff3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077729c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077739710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077758ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000776ca3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000776d3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000776effd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000776ff3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077729c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077739710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077758ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2968]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  00000000757b1eee 7 bytes JMP 00000000720953f0
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  00000000757b5b85 7 bytes JMP 0000000072095a30
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000757c1409 7 bytes JMP 0000000072095640
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000757cea5d 7 bytes JMP 00000000720953e0
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000758590c4 7 bytes JMP 0000000072094850
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075859149 5 bytes JMP 0000000072094a30
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007585949f 5 bytes JMP 0000000072094860
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000076f91e4c 5 bytes JMP 0000000072094770
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000076f91efa 5 bytes JMP 0000000072094680
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000076f92bdc 5 bytes JMP 0000000072094a40
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000076f92e7e 5 bytes JMP 0000000072094370
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  00000000758de743 5 bytes JMP 0000000072093980
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  00000000758de97d 5 bytes JMP 0000000072093990
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000075968a29 5 bytes JMP 0000000072093840
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000075975645 5 bytes JMP 0000000072094300
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007598f61f 5 bytes JMP 0000000072094360
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000759b0867 5 bytes JMP 00000000720935c0
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000759c7af4 5 bytes JMP 00000000720942d0
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000075b05dd5 5 bytes JMP 0000000072093800
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000075b39c5b 5 bytes JMP 00000000720936e0
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076231401 2 bytes JMP 757db233 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076231419 2 bytes JMP 757db35e C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076231431 2 bytes JMP 75859149 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007623144a 2 bytes CALL 757b4885 C:\Windows\syswow64\kernel32.dll
.text  ... * 9
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000762314dd 2 bytes JMP 75858a42 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000762314f5 2 bytes JMP 75858c18 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007623150d 2 bytes JMP 75858938 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076231525 2 bytes JMP 75858d02 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007623153d 2 bytes JMP 757cfcc0 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076231555 2 bytes JMP 757d6907 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007623156d 2 bytes JMP 75859201 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076231585 2 bytes JMP 75858d62 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007623159d 2 bytes JMP 758588fc C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000762315b5 2 bytes JMP 757cfd59 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000762315cd 2 bytes JMP 757db2f4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000762316b2 2 bytes JMP 758590c4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Anti-Malware\mbamtray.exe[3200]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000762316bd 2 bytes JMP 75858891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000776ca3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000776d3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000776effd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000776ff3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077729c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077739710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077758ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3664]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000776ca3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000776d3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000776effd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000776ff3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077729c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077739710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077758ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefd7aac00 5 bytes JMP 000007fefd790110
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefd998810 8 bytes JMP 000007fefd7901f0
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefda24650 6 bytes JMP 000007fefd790228
.text  C:\Windows\System32\igfxpers.exe[3676]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefda35f10 7 bytes JMP 000007fefd790260
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000757b8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076231401 2 bytes JMP 757db233 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076231419 2 bytes JMP 757db35e C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076231431 2 bytes JMP 75859149 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007623144a 2 bytes CALL 757b4885 C:\Windows\syswow64\kernel32.dll
.text  ... * 9
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000762314dd 2 bytes JMP 75858a42 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000762314f5 2 bytes JMP 75858c18 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007623150d 2 bytes JMP 75858938 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076231525 2 bytes JMP 75858d02 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007623153d 2 bytes JMP 757cfcc0 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076231555 2 bytes JMP 757d6907 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007623156d 2 bytes JMP 75859201 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076231585 2 bytes JMP 75858d62 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007623159d 2 bytes JMP 758588fc C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000762315b5 2 bytes JMP 757cfd59 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000762315cd 2 bytes JMP 757db2f4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000762316b2 2 bytes JMP 758590c4 C:\Windows\syswow64\kernel32.dll
.text  D:\Programy\Avast!\AvastUI.exe[3992]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000762316bd 2 bytes JMP 75858891 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  00000000757b1eee 7 bytes JMP 00000000720953f0
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  00000000757b5b85 7 bytes JMP 0000000072095a30
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000757c1409 7 bytes JMP 0000000072095640
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000757cea5d 7 bytes JMP 00000000720953e0
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000758590c4 7 bytes JMP 0000000072094850
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075859149 5 bytes JMP 0000000072094a30
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007585949f 5 bytes JMP 0000000072094860
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000076f91e4c 5 bytes JMP 0000000072094770
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000076f91efa 5 bytes JMP 0000000072094680
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000076f92bdc 5 bytes JMP 0000000072094a40
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000076f92e7e 5 bytes JMP 0000000072094370
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000075968a29 5 bytes JMP 0000000072093840
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000075975645 5 bytes JMP 0000000072094300
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007598f61f 5 bytes JMP 0000000072094360
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000759b0867 5 bytes JMP 00000000720935c0
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000759c7af4 5 bytes JMP 00000000720942d0
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  00000000758de743 5 bytes JMP 0000000072093980
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  00000000758de97d 5 bytes JMP 0000000072093990
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000075b05dd5 5 bytes JMP 0000000072093800
.text  C:\Users\ciel$ki\AppData\Local\FluxSoftware\Flux\flux.exe[3224]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000075b39c5b 5 bytes JMP 00000000720936e0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  00000000757b1eee 7 bytes JMP 00000000720953f0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  00000000757b5b85 7 bytes JMP 0000000072095a30
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000757c1409 7 bytes JMP 0000000072095640
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000757cea5d 7 bytes JMP 00000000720953e0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000758590c4 7 bytes JMP 0000000072094850
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075859149 5 bytes JMP 0000000072094a30
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007585949f 5 bytes JMP 0000000072094860
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000076f91e4c 5 bytes JMP 0000000072094770
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000076f91efa 5 bytes JMP 0000000072094680
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000076f92bdc 5 bytes JMP 0000000072094a40
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000076f92e7e 5 bytes JMP 0000000072094370
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000075968a29 5 bytes JMP 0000000072093840
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000075975645 5 bytes JMP 0000000072094300
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007598f61f 5 bytes JMP 0000000072094360
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000759b0867 5 bytes JMP 00000000720935c0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000759c7af4 5 bytes JMP 00000000720942d0
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  00000000758de743 5 bytes JMP 0000000072093980
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[1488]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  00000000758de97d 5 bytes JMP 0000000072093990
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  00000000757b1eee 7 bytes JMP 00000000720953f0
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  00000000757b5b85 7 bytes JMP 0000000072095a30
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000757c1409 7 bytes JMP 0000000072095640
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  00000000757cea5d 7 bytes JMP 00000000720953e0
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000758590c4 7 bytes JMP 0000000072094850
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075859149 5 bytes JMP 0000000072094a30
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  000000007585949f 5 bytes JMP 0000000072094860
.text  C:\Program Files (x86)\NVIDIA
Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076f91e4c 5 bytes JMP 0000000072094770 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076f91efa 5 bytes JMP 0000000072094680 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076f92bdc 5 bytes JMP 0000000072094a40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076f92e7e 5 bytes JMP 0000000072094370 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758de743 5 bytes JMP 0000000072093980 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758de97d 5 bytes JMP 0000000072093990 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075968a29 5 bytes JMP 0000000072093840 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075975645 5 bytes JMP 0000000072094300 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007598f61f 5 bytes JMP 0000000072094360 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759b0867 5 bytes JMP 00000000720935c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3244] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759c7af4 5 bytes JMP 00000000720942d0 .text C:\Program Files\Windows Media 
Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077804170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007782bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007782bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007782c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007782c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007782c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007782c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007782c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007782c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007782c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007782ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007782cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000778826a0 5 bytes JMP 
0000000000020568 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077804170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007782bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007782bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007782c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007782c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007782c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007782c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007782c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007782c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007782c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007782ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007782cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\conhost.exe[5668] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000778826a0 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077802280 5 bytes JMP 00000000003c075c .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077804170 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077806130 5 bytes JMP 00000000003c03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007782bec0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007782bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007782c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007782c130 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007782c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007782c250 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007782c700 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007782c790 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007782c800 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007782ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007782cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000778826a0 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000776ca3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000776d3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000776effd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000776ff3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077729c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077739710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077758ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7a32f0 7 bytes JMP 000007fefd7900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7aaa60 5 bytes JMP 000007fefd790180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7aac00 5 bytes JMP 
000007fefd790110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7b9ac0 5 bytes JMP 000007fefd790148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd998810 8 bytes JMP 000007fefd7901f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd99b9e0 8 bytes JMP 000007fefd7901b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c20 5 bytes JMP 000000006fff02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca510 5 bytes JMP 000000006fff0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000775d07b8 7 bytes JMP 000000006fff0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dcd04 9 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610744 5 bytes JMP 000000006fff0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda24650 6 bytes JMP 000007fefd790228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1948] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefda35f10 7 bytes JMP 000007fefd790260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077802280 5 bytes JMP 00000000000a075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] 
C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077804170 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077806130 5 bytes JMP 00000000000a03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007782be00 7 bytes [48, B8, 60, F9, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007782be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007782bec0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007782bf70 7 bytes [48, B8, E0, F9, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007782bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007782bf90 7 bytes [48, B8, D0, FD, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007782bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007782bfa0 7 bytes [48, B8, C0, FB, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007782bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007782bfb0 7 bytes JMP 
00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007782bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007782bfd0 7 bytes [48, B8, B0, F8, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007782bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007782c020 7 bytes [48, B8, 50, FA, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007782c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007782c030 7 bytes [48, B8, 20, FE, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007782c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007782c060 7 bytes [48, B8, 40, FB, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007782c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007782c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007782c100 7 bytes [48, B8, 80, FB, 14, 3F, 01] .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007782c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007782c130 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007782c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007782c250 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007782c280 7 bytes [48, B8, C0, FA, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007782c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007782c700 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007782c790 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007782c800 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007782ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007782ccf0 7 bytes [48, B8, 00, FE, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007782ccf8 6 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007782cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007782cd40 7 bytes [48, B8, A0, FD, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007782cd48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007782ce90 7 bytes [48, B8, A0, FB, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007782ce98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000778826a0 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7a32f0 7 bytes JMP 000007fefd7900d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7aaa60 5 bytes JMP 000007fefd790180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7aac00 5 bytes JMP 000007fefd790110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7b9ac0 5 bytes JMP 000007fefd790148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd998810 8 bytes JMP 000007fefd7901f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd99b9e0 8 bytes JMP 000007fefd7901b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda24650 6 bytes JMP 000007fefd790228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefda35f10 7 bytes JMP 000007fefd790260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077802280 5 bytes JMP 00000000000b075c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077804170 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077806130 5 bytes JMP 00000000000b03a4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007782be00 7 bytes [48, B8, 60, F9, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007782be08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007782bec0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007782bf70 7 bytes [48, B8, E0, F9, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007782bf78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007782bf90 7 bytes [48, B8, D0, FD, 14, 3F, 01] .text C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007782bf98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007782bfa0 7 bytes [48, B8, C0, FB, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007782bfa8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007782bfb0 7 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007782bfb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007782bfd0 7 bytes [48, B8, B0, F8, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007782bfd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007782c020 7 bytes [48, B8, 50, FA, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007782c028 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007782c030 7 bytes [48, B8, 20, FE, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007782c038 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007782c060 7 bytes [48, B8, 40, FB, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007782c068 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007782c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007782c100 7 bytes [48, B8, 80, FB, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007782c108 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007782c130 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007782c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007782c250 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007782c280 7 bytes [48, B8, C0, FA, 14, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007782c288 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007782c700 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007782c790 5 bytes JMP 00000000000202c0 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007782c800 5 bytes JMP 0000000000020348
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007782ccc0 5 bytes JMP 0000000000020458
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007782ccf0 7 bytes [48, B8, 00, FE, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007782ccf8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007782cd10 5 bytes JMP 00000000000204e0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007782cd40 7 bytes [48, B8, A0, FD, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007782cd48 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007782ce90 7 bytes [48, B8, A0, FB, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007782ce98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000778826a0 5 bytes JMP 0000000000020568
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000776ca3f0 7 bytes JMP 000000006fff0228
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000776d3f00 5 bytes JMP 000000006fff0180
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000776effd0 5 bytes JMP 000000006fff01b8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000776ff3f0 5 bytes JMP 000000006fff0110
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077729c80 7 bytes JMP 000000006fff00d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077739710 5 bytes JMP 000000006fff0148
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077758ab0 7 bytes JMP 000000006fff01f0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7aac00 5 bytes JMP 000007fefd790110
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd998810 8 bytes JMP 000007fefd7901f0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1836] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077802280 5 bytes JMP 00000000003b075c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000077804170 5 bytes JMP 00000000000205f0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077806130 5 bytes JMP 00000000003b03a4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007782be00 7 bytes [48, B8, 60, F9, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007782be08 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 000000007782bec0 5 bytes JMP 0000000000020678
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007782bf70 7 bytes [48, B8, E0, F9, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007782bf78 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007782bf90 7 bytes [48, B8, D0, FD, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007782bf98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007782bfa0 7 bytes [48, B8, C0, FB, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007782bfa8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007782bfb0 7 bytes JMP 00000000000200a0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007782bfb8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007782bfd0 7 bytes [48, B8, B0, F8, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007782bfd8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007782c020 7 bytes [48, B8, 50, FA, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007782c028 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007782c030 7 bytes [48, B8, 20, FE, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007782c038 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007782c060 7 bytes [48, B8, 40, FB, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007782c068 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007782c0d0 5 bytes JMP 0000000000020018
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007782c100 7 bytes [48, B8, 80, FB, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007782c108 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007782c130 5 bytes JMP 00000000000203d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007782c1b0 5 bytes JMP 00000000000201b0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007782c250 5 bytes JMP 0000000000020128
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007782c280 7 bytes [48, B8, C0, FA, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007782c288 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007782c700 5 bytes JMP 0000000000020238
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007782c790 5 bytes JMP 00000000000202c0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007782c800 5 bytes JMP 0000000000020348
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007782ccc0 5 bytes JMP 0000000000020458
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007782ccf0 7 bytes [48, B8, 00, FE, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007782ccf8 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007782cd10 5 bytes JMP 00000000000204e0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007782cd40 7 bytes [48, B8, A0, FD, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007782cd48 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007782ce90 7 bytes [48, B8, A0, FB, 14, 3F, 01]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007782ce98 6 bytes {ADD [RAX], AL; JMP RAX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 00000000778826a0 5 bytes JMP 0000000000020568
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000776ca3f0 7 bytes JMP 000000006fff0228
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000776d3f00 5 bytes JMP 000000006fff0180
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000776effd0 5 bytes JMP 000000006fff01b8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000776ff3f0 5 bytes JMP 000000006fff0110
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077729c80 7 bytes JMP 000000006fff00d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077739710 5 bytes JMP 000000006fff0148
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077758ab0 7 bytes JMP 000000006fff01f0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7a32f0 7 bytes JMP 000007fefd7900d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7aaa60 5 bytes JMP 000007fefd790180
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7aac00 5 bytes JMP 000007fefd790110
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7b9ac0 5 bytes JMP 000007fefd790148
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd998810 8 bytes JMP 000007fefd7901f0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd99b9e0 8 bytes JMP 000007fefd7901b8
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000757b8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076231401 2 bytes JMP 757db233 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076231419 2 bytes JMP 757db35e C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076231431 2 bytes JMP 75859149 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007623144a 2 bytes CALL 757b4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762314dd 2 bytes JMP 75858a42 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762314f5 2 bytes JMP 75858c18 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007623150d 2 bytes JMP 75858938 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076231525 2 bytes JMP 75858d02 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007623153d 2 bytes JMP 757cfcc0 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076231555 2 bytes JMP 757d6907 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007623156d 2 bytes JMP 75859201 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076231585 2 bytes JMP 75858d62 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007623159d 2 bytes JMP 758588fc C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762315b5 2 bytes JMP 757cfd59 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762315cd 2 bytes JMP 757db2f4 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762316b2 2 bytes JMP 758590c4 C:\Windows\syswow64\kernel32.dll
.text D:\Programy\Avast!\AvastUI.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762316bd 2 bytes JMP 75858891 C:\Windows\syswow64\kernel32.dll
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757b1eee 7 bytes JMP 00000000720953f0
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757b5b85 7 bytes JMP 0000000072095a30
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757c1409 7 bytes JMP 0000000072095640
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757cea5d 7 bytes JMP 00000000720953e0
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000758590c4 7 bytes JMP 0000000072094850
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075859149 5 bytes JMP 0000000072094a30
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007585949f 5 bytes JMP 0000000072094860
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076f91e4c 5 bytes JMP 0000000072094770
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076f91efa 5 bytes JMP 0000000072094680
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076f92bdc 5 bytes JMP 0000000072094a40
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076f92e7e 5 bytes JMP 0000000072094370
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758de743 5 bytes JMP 0000000072093980
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758de97d 5 bytes JMP 0000000072093990
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075975645 5 bytes JMP 0000000072094300
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007598f61f 5 bytes JMP 0000000072094360
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000759b0867 5 bytes JMP 00000000720935c0
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000759c7af4 5 bytes JMP 00000000720942d0
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000720d1003 2 bytes [0D, 72]
.text C:\Users\ciel$ki\Downloads\gm\rmq2tm48.exe[6556] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 23 00000000720d1017 2 bytes [0D, 72]

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\drivers\CLASSPNP.SYS[ntoskrnl.exe!IofCallDriver] [fffff88003ec33e4] \SystemRoot\system32\drivers\aswSP.sys [.text]

---- Threads - GMER 2.2 ----

Thread [476:568] 00000000777ff6f0
Thread C:\Windows\system32\WLANExt.exe [1416:1624] 0000000000628684
Thread C:\Windows\system32\WLANExt.exe [1416:1628] 0000000000628684
Thread C:\Windows\System32\spoolsv.exe [1876:4320] 000007feedfa10c8
Thread C:\Windows\System32\spoolsv.exe [1876:4316] 000007feec986144
Thread C:\Windows\System32\spoolsv.exe [1876:5252] 000007feee945fd0
Thread C:\Windows\System32\spoolsv.exe [1876:2512] 000007feede33438
Thread C:\Windows\System32\spoolsv.exe [1876:3108] 000007feee9463ec
Thread C:\Windows\System32\spoolsv.exe [1876:4324] 000007feee0e5e5c
Thread C:\Windows\System32\spoolsv.exe [1876:2384] 000007feecbd5060

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\94dbc99bb9dc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\94dbc99bb9dc (not active ControlSet)

---- EOF - GMER 2.2 ----