GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-31 01:25:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: x5r8tfyh.exe; Driver: C:\Users\Mr.M\AppData\Local\Temp\ugldypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ff6000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002ff602f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8b9dc88 5 bytes JMP 000007fff89900d8 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8b9de10 5 bytes JMP 000007fff8990110 .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\Dwm.exe[1964] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\Explorer.EXE[1172] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\Explorer.EXE[1172] C:\Windows\system32\WS2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\Explorer.EXE[1172] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\Explorer.EXE[1172] C:\Windows\system32\WS2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007764fa88 5 bytes JMP 0000000173a1139e .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077650018 5 bytes JMP 0000000173a11a54 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2480] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32c36 4 bytes [24, D9, B9, 68] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2480] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37e43 4 bytes [74, 4C, 09, 66] .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2480] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab75de6 4 bytes [20, EF, B9, 68] .text C:\Windows\SysWOW64\PnkBstrA.exe[2532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000739a1a22 2 bytes [9A, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000739a1ad0 2 bytes [9A, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000739a1b08 2 bytes [9A, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000739a1bba 2 bytes [9A, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2532] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000739a1bda 2 bytes [9A, 73] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\taskeng.exe[3292] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\System32\igfxpers.exe[3312] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\System32\igfxtray.exe[3328] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\System32\igfxtray.exe[3328] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\System32\igfxtray.exe[3328] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\System32\igfxtray.exe[3328] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\System32\hkcmd.exe[3348] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\System32\hkcmd.exe[3348] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\System32\hkcmd.exe[3348] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\System32\hkcmd.exe[3348] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\WS2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\NetWorx\networx.exe[3708] C:\Windows\system32\WS2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\System32\StikyNot.exe[4072] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[3100] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 00000000756030aa 7 bytes JMP 0000000102a00095 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000075606bd8 7 bytes JMP 0000000102a0002d .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000075607142 7 bytes JMP 0000000102a000c9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3608] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 000000007560cc3a 7 bytes JMP 0000000102a00061 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\DOLBY PCEE4\pcee4.exe[3612] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[3744] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[848] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffd990228 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007711a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a3460 7 bytes JMP 000007fffd9900d8 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9940 6 bytes JMP 000007fffd990148 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a9fb0 5 bytes JMP 000007fffd990180 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9aa150 5 bytes JMP 000007fffd990110 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 0000000076f8a5b4 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076f90810 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5189e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff51be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [4112] entry point in ".rdata" section 0000000074b771e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0xfb7228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xfb7268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xfb71a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xfb7128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xfb7328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xfb7368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xfb72e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xfb72a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xfb7068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0xfb70a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xfb7028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xfb71e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xfb7168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0xfb70e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x17ca28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x17ca68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x17c9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x17c928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x17cb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x17cb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x17cae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x17caa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x17c868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x17c8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x17c828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x17c9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x17c968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x17c8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x44b228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x44b268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x44b1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x44b128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x44b328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x44b368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x44b2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x44b2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x44b068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x44b0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x44b028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x44b1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x44b168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x44b0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x6fba28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x6fba68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x6fb9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x6fb928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x6fbb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x6fbb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x6fbae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x6fbaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x6fb868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x6fb8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x6fb828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x6fb9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x6fb968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x6fb8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0xdf9a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xdf9a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xdf99a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xdf9928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xdf9b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xdf9b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xdf9ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xdf9aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xdf9868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0xdf98a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xdf9828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xdf99e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xdf9968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0xdf98e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0xa03a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xa03a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xa039a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xa03928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xa03b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xa03b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xa03ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xa03aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xa03868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0xa038a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xa03828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xa039e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xa03968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0xa038e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x7b4a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x7b4a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x7b49a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x7b4928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x7b4b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x7b4b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x7b4ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x7b4aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x7b4868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x7b48a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x7b4828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x7b49e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x7b4968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x7b48e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x82aa28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x82aa68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x82a9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x82a928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x82ab28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x82ab68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x82aae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x82aaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x82a868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x82a8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x82a828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x82a9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x82a968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x82a8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0xde8228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xde8268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xde81a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xde8128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xde8328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xde8368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xde82e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xde82a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xde8068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0xde80a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xde8028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xde81e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xde8168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0xde80e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0xc96e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xc96e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xc96da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xc96d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xc96f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xc96f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xc96ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xc96ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xc96c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0xc96ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xc96c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xc96de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xc96d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0xc96ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x1018228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x1018268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x10181a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x1018128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x1018328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x1018368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x10182e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x10182a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x1018068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x10180a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x1018028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x10181e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x1018168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x10180e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2040] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff3d45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\taskhost.exe[2040] C:\Windows\system32\ws2_32.dll!getsockname 000007feff3d9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\taskhost.exe[2040] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff3fe0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\taskhost.exe[2040] C:\Windows\system32\ws2_32.dll!getpeername 000007feff3fe450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\kernel32.dll!DeviceIoControl 0000000075bc320f 5 bytes JMP 0000000100331ee0 .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\PROGRA~2\THEKMP~1\KMPlayer.exe[5808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0xf10e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0xf10e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0xf10da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0xf10d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0xf10f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0xf10f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0xf10ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0xf10ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0xf10c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0xf10ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0xf10c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0xf10de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0xf10d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0xf10ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007764f991 7 bytes {MOV EDX, 0x5cea28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007764fbd5 7 bytes {MOV EDX, 0x5cea68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007764fc05 7 bytes {MOV EDX, 0x5ce9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007764fc1d 7 bytes {MOV EDX, 0x5ce928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007764fc35 7 bytes {MOV EDX, 0x5ceb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007764fc65 7 bytes {MOV EDX, 0x5ceb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007764fce5 7 bytes {MOV EDX, 0x5ceae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007764fcfd 7 bytes {MOV EDX, 0x5ceaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007764fd49 7 bytes {MOV EDX, 0x5ce868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007764fe41 7 bytes {MOV EDX, 0x5ce8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077650099 7 bytes {MOV EDX, 0x5ce828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000776510a5 7 bytes {MOV EDX, 0x5ce9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007765111d 7 bytes {MOV EDX, 0x5ce968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077651321 7 bytes {MOV EDX, 0x5ce8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075851465 2 bytes [85, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758514bb 2 bytes [85, 75] .text ... * 2 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075bd1429 7 bytes JMP 0000000171f312ad .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075beb223 5 bytes JMP 0000000171f315be .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c688f4 7 bytes JMP 0000000171f31357 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c68979 5 bytes JMP 0000000171f316e0 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c68ccf 5 bytes JMP 0000000171f31028 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a71d1b 5 bytes JMP 0000000171f311ef .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a71dc9 5 bytes JMP 0000000171f31023 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a72aa4 5 bytes JMP 0000000171f3156e .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a72d0a 5 bytes JMP 0000000171f31294 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007501e9a2 5 bytes JMP 0000000171f315d7 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007501ebdc 5 bytes JMP 0000000171f311b8 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075878a29 5 bytes JMP 0000000171f31050 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075884572 5 bytes JMP 0000000171f310d2 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076c05ea5 5 bytes JMP 0000000171f31609 .text C:\Users\Mr.M\Downloads\x5r8tfyh.exe[6752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c39d0b 5 bytes JMP 0000000171f31249 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003726d18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e4d53d386139 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e4d53d386139@90c115be15af 0x6A 0xB5 0x03 0x99 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e4d53d386139 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e4d53d386139@90c115be15af 0x6A 0xB5 0x03 0x99 ... ---- EOF - GMER 2.1 ----