GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-12 15:07:45 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JJ rev.2AK10001 465,76GB Running: d7j2esu3.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kwrdrpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc9b92c 7 bytes JMP 000007fffc910260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcb87a0 11 bytes JMP 000007fffc910228 .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\svchost.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3064] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071a217fa 2 bytes CALL 76ff1199 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3064] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071a21860 2 bytes CALL 76ff1199 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3064] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071a21942 2 bytes JMP 7710c29f C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3064] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071a2194d 2 bytes JMP 7710418d C:\Windows\syswow64\WS2_32.dll .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc9100d8 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc910148 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc910180 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc910110 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b83e0 8 bytes JMP 000007fffc9101f0 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbef0 8 bytes JMP 000007fffc9101b8 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef0b94980 7 bytes JMP 000007fff0b800d8 .text C:\Windows\system32\Dwm.exe[3608] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef0bb9af4 7 bytes JMP 000007fff0b80110 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc9100d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc910148 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc910180 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc910110 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b83e0 8 bytes JMP 000007fffc9101f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbef0 8 bytes JMP 000007fffc9101b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc9b92c 7 bytes JMP 000007fffc910260 .text C:\Program Files\Dell\QuickSet\quickset.exe[4968] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcb87a0 11 bytes JMP 000007fffc910228 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc8500d8 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc850148 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc850180 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc850110 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b83e0 8 bytes JMP 000007fffc8501f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbef0 8 bytes JMP 000007fffc8501b8 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc9b92c 7 bytes JMP 000007fffc850260 .text C:\Program Files\IDT\WDM\sttray64.exe[4032] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcb87a0 11 bytes JMP 000007fffc850228 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc9100d8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc910148 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc910180 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[1992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc910110 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3756] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc8500d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc850148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc850180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc850110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc9b92c 7 bytes JMP 000007fffc850260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3180] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcb87a0 11 bytes JMP 000007fffc850228 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ffd03c 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4232] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc9100d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc910148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc910180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc910110 .text C:\Program Files\DellTPad\HidFind.exe[2324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc9100d8 .text C:\Program Files\DellTPad\HidFind.exe[2324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc910148 .text C:\Program Files\DellTPad\HidFind.exe[2324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc910180 .text C:\Program Files\DellTPad\HidFind.exe[2324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc910110 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text D:\Program Files (x86)\AVG\AVG2013\avgui.exe[5008] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[3420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724cac0 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007725feb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077272af0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772da2b0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc929610 7 bytes JMP 000007fffc8500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc92a330 7 bytes JMP 000007fffc850148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc92b260 5 bytes JMP 000007fffc850180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc93a720 5 bytes JMP 000007fffc850110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b83e0 8 bytes JMP 000007fffc8501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbef0 8 bytes JMP 000007fffc8501b8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0xecb228; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0xecb268; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0xecb1a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0xecb128; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0xecb328; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0xecb368; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0xecb2e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0xecb2a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0xecb068; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0xecb0a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0xecb028; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0xecb1e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0xecb168; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5980] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0xecb0e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0xae9228; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0xae9268; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0xae91a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0xae9128; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0xae9328; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0xae9368; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0xae92e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0xae92a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0xae9068; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0xae90a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0xae9028; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0xae91e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0xae9168; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0xae90e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x356628; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x356668; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x3565a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x356528; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x356728; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x356768; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x3566e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x3566a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x356468; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x3564a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x356428; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x3565e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x356568; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x3564e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0xbac628; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0xbac668; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0xbac5a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0xbac528; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0xbac728; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0xbac768; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0xbac6e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0xbac6a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0xbac468; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0xbac4a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0xbac428; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0xbac5e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0xbac568; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0xbac4e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x1067a28; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x1067a68; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x10679a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x1067928; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x1067b28; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x1067b68; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x1067ae8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x1067aa8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x1067868; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x10678a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x1067828; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x10679e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x1067968; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x10678e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0xfcf228; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0xfcf268; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0xfcf1a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0xfcf128; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0xfcf328; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0xfcf368; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0xfcf2e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0xfcf2a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0xfcf068; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0xfcf0a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0xfcf028; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0xfcf1e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0xfcf168; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0xfcf0e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6384] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x629a28; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x629a68; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x6299a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x629928; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x629b28; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x629b68; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x629ae8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x629aa8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x629868; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x6298a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x629828; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x6299e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x629968; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x6298e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x3e4228; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x3e4268; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x3e41a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x3e4128; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x3e4328; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x3e4368; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x3e42e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x3e42a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x3e4068; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x3e40a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x3e4028; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x3e41e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x3e4168; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x3e40e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x3bda28; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x3bda68; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x3bd9a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x3bd928; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x3bdb28; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x3bdb68; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x3bdae8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x3bdaa8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x3bd868; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x3bd8a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x3bd828; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x3bd9e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x3bd968; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x3bd8e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x9c3228; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x9c3268; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x9c31a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x9c3128; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x9c3328; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x9c3368; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x9c32e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x9c32a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x9c3068; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x9c30a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x9c3028; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x9c31e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x9c3168; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x9c30e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007755f951 7 bytes {MOV EDX, 0x49a228; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007755fb95 7 bytes {MOV EDX, 0x49a268; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007755fbc5 7 bytes {MOV EDX, 0x49a1a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007755fbdd 7 bytes {MOV EDX, 0x49a128; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007755fbf5 7 bytes {MOV EDX, 0x49a328; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007755fc25 7 bytes {MOV EDX, 0x49a368; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007755fca5 7 bytes {MOV EDX, 0x49a2e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007755fcbd 7 bytes {MOV EDX, 0x49a2a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007755fd09 7 bytes {MOV EDX, 0x49a068; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007755fe01 7 bytes {MOV EDX, 0x49a0a8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077560059 7 bytes {MOV EDX, 0x49a028; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077561065 7 bytes {MOV EDX, 0x49a1e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775610dd 7 bytes {MOV EDX, 0x49a168; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775612e1 7 bytes {MOV EDX, 0x49a0e8; JMP RDX} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075281401 2 bytes JMP 7700eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075281419 2 bytes JMP 7701b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075281431 2 bytes JMP 77098609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007528144a 2 bytes CALL 76ff1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752814dd 2 bytes JMP 77097efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752814f5 2 bytes JMP 770980d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007528150d 2 bytes JMP 77097df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075281525 2 bytes JMP 770981c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007528153d 2 bytes JMP 7700f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075281555 2 bytes JMP 7701b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007528156d 2 bytes JMP 770986c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075281585 2 bytes JMP 77098222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007528159d 2 bytes JMP 77097db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752815b5 2 bytes JMP 7700f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752815cd 2 bytes JMP 7701b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752816b2 2 bytes JMP 77098584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752816bd 2 bytes JMP 77097d4d C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text D:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[6404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ff2182 1 byte JMP 000000016fcf16b3 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 2 0000000076ff2184 5 bytes {JMP 0xfffffffff8cff531} .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ffc74f 7 bytes JMP 000000016fcf11cc .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007700ddba 7 bytes JMP 000000016fcf1262 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007700eb26 5 bytes JMP 000000016fcf15c8 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007700f18b 7 bytes JMP 000000016fcf12a8 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077098584 7 bytes JMP 000000016fcf1357 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077098609 5 bytes JMP 000000016fcf16f4 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007709895f 5 bytes JMP 000000016fcf101e .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768e1094 5 bytes JMP 000000016fcf11e5 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768e1142 5 bytes JMP 000000016fcf1019 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768e1bb2 5 bytes JMP 000000016fcf1573 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768e1d92 5 bytes JMP 000000016fcf128f .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aae84e 5 bytes JMP 000000016fcf11a9 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae86e 5 bytes JMP 000000016fcf15e1 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076728b9a 5 bytes JMP 000000016fcf1046 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076734c48 5 bytes JMP 000000016fcf10c8 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076736bdc 5 bytes JMP 000000016fcf1433 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076787bec 1 byte JMP 000000016fcf15f0 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 2 0000000076787bee 3 bytes {JMP 0xfffffffff9569a04} .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751259e3 5 bytes JMP 000000016fcf1618 .text C:\Users\Daniel\Downloads\d7j2esu3.exe[488] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751657fc 5 bytes JMP 000000016fcf123f ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1660:3972] 000007fef2dd0ea8 Thread C:\Windows\system32\svchost.exe [1660:3928] 000007fef2dc9db0 Thread C:\Windows\system32\svchost.exe [1660:3108] 000007fef2dcaa10 Thread C:\Windows\system32\svchost.exe [1660:2856] 000007fef2dd1c94 Thread C:\Windows\system32\svchost.exe [1660:5844] 000007feea73d3c8 Thread C:\Windows\system32\svchost.exe [1660:6304] 000007feea73d3c8 Thread C:\Windows\system32\svchost.exe [1660:5840] 000007feea73d3c8 Thread C:\Windows\system32\svchost.exe [1660:3468] 000007feea73d3c8 Thread C:\Windows\system32\WLANExt.exe [1916:1960] 00000001800ee130 Thread C:\Windows\system32\WLANExt.exe [1916:1964] 0000000180090110 Thread C:\Windows\system32\WLANExt.exe [1916:1968] 00000001800ee130 Thread C:\Windows\system32\WLANExt.exe [1916:2588] 000007fef8372f9c Thread C:\Windows\system32\WLANExt.exe [1916:2660] 0000000000e18bc8 Thread C:\Windows\system32\WLANExt.exe [1916:2664] 0000000000e18be4 Thread C:\Windows\system32\WLANExt.exe [1916:2668] 0000000000e18bac Thread C:\Windows\system32\WLANExt.exe [1916:2672] 000007fef8372f9c Thread C:\Windows\System32\spoolsv.exe [2012:3580] 000007fef3b510c8 Thread C:\Windows\System32\spoolsv.exe [2012:3768] 000007fef3326144 Thread C:\Windows\System32\spoolsv.exe [2012:3824] 000007fef3845fd0 Thread C:\Windows\System32\spoolsv.exe [2012:3892] 000007fef4793438 Thread C:\Windows\System32\spoolsv.exe [2012:3896] 000007fef38463ec Thread C:\Windows\System32\spoolsv.exe [2012:3876] 000007fef5285e5c Thread C:\Windows\System32\spoolsv.exe [2012:3976] 000007fef3174828 Thread C:\Windows\System32\spoolsv.exe [2012:4996] 000007fef31e1efc Thread C:\Windows\system32\svchost.exe [2044:1328] 000007fefc051a70 Thread C:\Windows\system32\svchost.exe [2044:1348] 000007fefc051a70 Thread C:\Windows\system32\svchost.exe [2044:1388] 000007fefc051a70 Thread C:\Windows\system32\svchost.exe [2044:1464] 000007fef80d2920 Thread C:\Windows\system32\svchost.exe [2044:1692] 000007fef80e5840 Thread C:\Windows\system32\svchost.exe [2044:1764] 000007fef80ee680 Thread C:\Windows\system32\svchost.exe [2044:1772] 000007fef80d9140 Thread C:\Windows\system32\svchost.exe [2044:2272] 000007fef8023060 Thread C:\Windows\system32\svchost.exe [2044:3500] 000007fef8025570 Thread C:\Windows\system32\svchost.exe [2044:3644] 000007fef2f72940 Thread C:\Windows\system32\svchost.exe [2044:4224] 000007fef4812888 Thread C:\Windows\system32\svchost.exe [2044:5572] 000007fef4812a40 Thread C:\Windows\system32\svchost.exe [3104:3628] 000007fef54c8470 Thread C:\Windows\system32\svchost.exe [3104:3668] 000007fef54d2418 Thread C:\Windows\system32\svchost.exe [3104:4136] 000007fef3bbf130 Thread C:\Windows\system32\svchost.exe [3104:4320] 000007fef3bb4734 Thread C:\Windows\system32\svchost.exe [3104:5016] 000007fef3bb4734 Thread C:\Windows\system32\svchost.exe [3104:1012] 000007fef3845fd0 Thread C:\Windows\system32\svchost.exe [3104:4852] 000007fef38463ec Thread C:\Windows\system32\WUDFHost.exe [3716:3664] 000007fef28f24a0 Thread C:\Windows\system32\svchost.exe [3680:2684] 000007fefccba808 Thread C:\Windows\system32\taskhost.exe [2616:820] 000007fef9ad2740 Thread C:\Windows\system32\taskhost.exe [2616:5064] 000007fef9aa1f38 Thread C:\Windows\system32\taskhost.exe [2616:3484] 000007fefaca1010 Thread C:\Windows\system32\taskhost.exe [2616:2184] 000007fefdea9274 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@bc476012f587 0xE0 0x4A 0x9B 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@002568aa5336 0x54 0xF7 0x8F 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@00247de6a7fd 0xFE 0x98 0x91 0xAE ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@bc476032198b 0x67 0xD2 0xF3 0xCD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@5c57c835ef5f 0xB3 0xD3 0xA8 0x1D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@a075910ba8da 0x1E 0x37 0x59 0x1F ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@f07bcbdac1b4 0x1E 0x1F 0xFA 0xE7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@5c17d3bc7f97 0xEC 0xAB 0xC9 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@e0a6707d0cd2 0x6E 0x7E 0x30 0x3A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@8400d2c3b96d 0x3E 0x38 0x30 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@a8922cc01c2a 0xB4 0x60 0x35 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@5cb524448a9d 0x4D 0xBB 0xED 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773728fd97@8c64229a1961 0x1F 0x9B 0xCD 0x7F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@bc476012f587 0xE0 0x4A 0x9B 0xC9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@002568aa5336 0x54 0xF7 0x8F 0xC3 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@00247de6a7fd 0xFE 0x98 0x91 0xAE ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@bc476032198b 0x67 0xD2 0xF3 0xCD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@5c57c835ef5f 0xB3 0xD3 0xA8 0x1D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@a075910ba8da 0x1E 0x37 0x59 0x1F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@f07bcbdac1b4 0x1E 0x1F 0xFA 0xE7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@5c17d3bc7f97 0xEC 0xAB 0xC9 0x61 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@e0a6707d0cd2 0x6E 0x7E 0x30 0x3A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@8400d2c3b96d 0x3E 0x38 0x30 0x29 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@a8922cc01c2a 0xB4 0x60 0x35 0x04 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@5cb524448a9d 0x4D 0xBB 0xED 0x0E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773728fd97@8c64229a1961 0x1F 0x9B 0xCD 0x7F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x11 0x25 0x3E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ ---- EOF - GMER 2.1 ----