GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-16 03:30:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.03.0 698,64GB Running: bh9jg1te.exe; Driver: C:\Users\Aga\AppData\Local\Temp\pgddrpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800039ed000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff800039ed02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\SysWOW64\ntdll.dll[1084] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000779dfaa8 5 bytes JMP 00000001728719e8 .text C:\windows\SysWOW64\ntdll.dll[1084] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0038 5 bytes JMP 000000017287209e .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Widex\Compass GPS\CompassGPSDBService.exe[1624] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe[2360] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Oticon\Genie\GenieUpdater\GenieUpdaterService.exe[2404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\KERNEL32.dll ? C:\windows\system32\mssprxy.dll [2664] entry point in ".rdata" section 00000000699c71e6 .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\KERNEL32.dll .text C:\Anton\Programy\Connexx7\IPC\SHS.SAT.Common.Ipc.ServiceHost.exe[2088] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5260] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5868] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 5 bytes JMP 000007fffd8e00b8 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8e0038 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 5 bytes JMP 000007fffd8e0138 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb60a38c 5 bytes JMP 000007fefd8e02b8 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb624b60 5 bytes JMP 000007fefd8e0238 .text C:\windows\system32\taskhost.exe[12692] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb624ba0 5 bytes JMP 000007fefd8e01b8 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6bedc88 5 bytes JMP 000007fff6bc00d8 .text C:\windows\system32\Dwm.exe[14056] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6bede10 5 bytes JMP 000007fff6bc0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[10276] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[8672] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb60a38c 5 bytes JMP 000007fefd8d02b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb624b60 5 bytes JMP 000007fefd8d0238 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb624ba0 5 bytes JMP 000007fefd8d01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5488] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb60a38c 5 bytes JMP 000007fefd8d02b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb624b60 5 bytes JMP 000007fefd8d0238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb624ba0 5 bytes JMP 000007fefd8d01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[7580] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3568] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb60a38c 5 bytes JMP 000007fefd8d02b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb624b60 5 bytes JMP 000007fefd8d0238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb624ba0 5 bytes JMP 000007fefd8d01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[11388] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Windows\System32\hkcmd.exe[11728] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\hkcmd.exe[11728] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 5 bytes JMP 000007fffd8e00b8 .text C:\Windows\System32\hkcmd.exe[11728] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8e0038 .text C:\Windows\System32\hkcmd.exe[11728] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 5 bytes JMP 000007fffd8e0138 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Windows\System32\igfxpers.exe[10984] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007633e96b 5 bytes JMP 00000001742d2d70 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007633eba5 5 bytes JMP 00000001742d2d80 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[10768] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007633e96b 5 bytes JMP 00000001742d2d70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007633eba5 5 bytes JMP 00000001742d2d80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[14040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\Windows\system32\DDRAW.dll!DirectDrawCreate 000007fef5e7815c 5 bytes JMP 000007fefd8d01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[14188] C:\Windows\system32\DDRAW.dll!DirectDrawCreateEx 000007fef5e78968 5 bytes JMP 000007fefd8d0238 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\Sandboxie\SbieCtrl.exe[9388] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5060] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002d955984 4 bytes [3A, CC, D2, E7] .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007633e96b 5 bytes JMP 00000001742d2d70 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007633eba5 5 bytes JMP 00000001742d2d80 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[11012] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[9592] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe[9296] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtClose 00000000779df9e0 5 bytes JMP 00000001686a6f86 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryObject 00000000779df9f8 5 bytes JMP 00000001686a741f .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtOpenKey 00000000779dfa28 5 bytes JMP 00000001686a1027 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000779dfa40 5 bytes JMP 00000001686a08b2 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryKey 00000000779dfa90 5 bytes JMP 00000001686a072c .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000779dfaa8 5 bytes JMP 00000001686a083a .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtCreateKey 00000000779dfb40 5 bytes JMP 00000001686a13d1 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000779dfc38 5 bytes JMP 00000001686a53c5 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000779dfd4c 5 bytes JMP 00000001686a06b4 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779dfd64 5 bytes JMP 00000001686a59b5 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000779dfd98 5 bytes JMP 00000001686a4a3a .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779dfe44 5 bytes JMP 00000001686a7001 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000779dfe5c 5 bytes JMP 00000001686a5b37 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779e00b4 5 bytes JMP 00000001686a57ed .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779e01c4 5 bytes JMP 00000001686a092a .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000779e09e4 5 bytes JMP 00000001686a55e0 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000779e09fc 5 bytes JMP 000000016869d7fa .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey 00000000779e0a44 5 bytes JMP 000000016869d8c8 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtFlushKey 00000000779e0b80 5 bytes JMP 000000016869d861 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000779e0f70 5 bytes JMP 00000001686a09a2 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779e0f88 5 bytes JMP 00000001686a0dff .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000779e1018 5 bytes JMP 00000001686a112f .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000779e133c 5 bytes JMP 00000001686a5bc7 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 00000000779e147c 5 bytes JMP 00000001686a0d83 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 00000000779e1528 5 bytes JMP 00000001686a7397 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtRenameKey 00000000779e1718 5 bytes JMP 000000016869dd06 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey 00000000779e1a58 5 bytes JMP 00000001686a07b4 .text C:\Program[10448] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779e1b9c 5 bytes JMP 00000001686a712e .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!CreateProcessW 0000000075bf103d 5 bytes JMP 0000000168679bba .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000075bf1072 5 bytes JMP 0000000168679cf8 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!ReplaceFile 0000000075c10de4 5 bytes JMP 0000000168677e04 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075c1c9b5 5 bytes JMP 0000000168679f2e .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!ReplaceFileA 0000000075c6eef1 5 bytes JMP 0000000168677d24 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW 0000000075c70423 5 bytes JMP 000000016867a851 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA 0000000075c704cb 5 bytes JMP 000000016867ab84 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!WinExec 0000000075c72ff1 5 bytes JMP 000000016867a3f3 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!AllocConsole 0000000075c9705e 5 bytes JMP 00000001686a8595 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!AttachConsole 0000000075c97122 5 bytes JMP 00000001686a85a7 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program[10448] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program[10448] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program[10448] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program[10448] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program[10448] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program[10448] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program[10448] C:\windows\syswow64\USER32.dll!CreateWindowExA 000000007553d22e 5 bytes JMP 00000001686a8565 .text C:\Program[10448] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program[10448] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program[10448] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program[10448] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program[10448] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007633e96b 5 bytes JMP 00000001742d2d70 .text C:\Program[10448] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007633eba5 5 bytes JMP 00000001742d2d80 .text C:\Program[10448] C:\windows\syswow64\GDI32.dll!AddFontResourceW 000000007634d40a 5 bytes JMP 00000001686881eb .text C:\Program[10448] C:\windows\syswow64\GDI32.dll!AddFontResourceA 000000007634d913 5 bytes JMP 00000001686881cf .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 0000000076781e3a 7 bytes JMP 000000016868b1d3 .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 000000007678b406 7 bytes JMP 000000016868c0f4 .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000767a7897 7 bytes JMP 000000016868b87a .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000767a7953 7 bytes JMP 000000016868ba2b .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000767aa37a 7 bytes JMP 000000016868c1ba .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000767c2642 5 bytes JMP 000000016867a070 .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 00000000767e1d74 7 bytes JMP 000000016868b932 .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 00000000767e1e11 7 bytes JMP 000000016868bae3 .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 00000000767e2201 7 bytes JMP 000000016868c036 .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 00000000767e22e4 7 bytes JMP 000000016868b28a .text C:\Program[10448] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 00000000767e2401 5 bytes JMP 000000016868bf78 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ControlService 00000000766e4d5c 7 bytes JMP 000000016868b018 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000766e4dc3 7 bytes JMP 000000016868b341 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus 00000000766e4e4b 7 bytes JMP 000000016868b0a4 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx 00000000766e4eaf 7 bytes JMP 000000016868b137 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!StartServiceW 00000000766e4f35 7 bytes JMP 000000016868ae93 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!StartServiceA 00000000766e508d 7 bytes JMP 000000016868af29 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000766e50f4 7 bytes JMP 000000016868be46 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000766e5181 7 bytes JMP 000000016868bee2 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000766e5254 7 bytes JMP 000000016868b542 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000766e53d5 7 bytes JMP 000000016868b45d .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000766e54c2 7 bytes JMP 000000016868b7e4 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000766e55e2 7 bytes JMP 000000016868b74e .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000766e567c 7 bytes JMP 000000016868ac75 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000766e589f 7 bytes JMP 000000016868ab9f .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000766e5a22 7 bytes JMP 000000016868b3cf .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA 00000000766e5a83 7 bytes JMP 000000016868bc75 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW 00000000766e5b29 7 bytes JMP 000000016868bbdc .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ControlServiceExA 00000000766e5ca0 7 bytes JMP 000000016868a34f .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!ControlServiceExW 00000000766e5d8c 7 bytes JMP 000000016868a2d6 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000766e63ad 7 bytes JMP 000000016868a89d .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000766e64f0 7 bytes JMP 000000016868a929 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A 00000000766e6633 7 bytes JMP 000000016868bdaa .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W 00000000766e680c 7 bytes JMP 000000016868bd0e .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!OpenServiceW 00000000766e714b 7 bytes JMP 000000016868aa12 .text C:\Program[10448] C:\windows\SysWOW64\sechost.dll!OpenServiceA 00000000766e7245 7 bytes JMP 000000016868aa9e .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid 00000000756ac56e 5 bytes JMP 000000016869196d .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7 00000000756aea09 7 bytes JMP 0000000168691f3e .text C:\Program[10448] C:\windows\syswow64\ole32.dll!OleRun 00000000756b07de 5 bytes JMP 0000000168691df9 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoRegisterClassObject 00000000756b21e1 5 bytes JMP 0000000168692a6e .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!OleUninitialize 00000000756beba1 6 bytes JMP 0000000168691d18 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!OleInitialize 00000000756befd7 5 bytes JMP 0000000168691ca8 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoGetPSClsid 00000000756c26b9 5 bytes JMP 0000000168691ae5 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoGetClassObject 00000000756d54ad 5 bytes JMP 0000000168692ffc .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoInitializeEx 00000000756e09ad 5 bytes JMP 0000000168691b58 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoUninitialize 00000000756e86d3 5 bytes JMP 0000000168691bda .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000756e9d4e 5 bytes JMP 0000000168692405 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 000000007570bb09 7 bytes JMP 0000000168691e69 .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoRevokeClassObject 000000007572eacf 5 bytes JMP 00000001686913ca .text C:\Program[10448] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007576340b 5 bytes JMP 00000001686934bc .text C:\Program[10448] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc 00000000757acfd9 5 bytes JMP 0000000168691d83 .text C:\Program[10448] C:\windows\syswow64\OLEAUT32.dll!RegisterActiveObject 00000000759927ce 5 bytes JMP 000000016869165d .text C:\Program[10448] C:\windows\syswow64\OLEAUT32.dll!RevokeActiveObject 00000000759932c4 5 bytes JMP 000000016869177e .text C:\Program[10448] C:\windows\syswow64\OLEAUT32.dll!GetActiveObject 00000000759a8f80 5 bytes JMP 00000001686917f1 .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Program[10448] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\windows\system32\wbem\unsecapp.exe[6384] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb60a38c 5 bytes JMP 000007fefd8d02b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb624b60 5 bytes JMP 000007fefd8d0238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb624ba0 5 bytes JMP 000007fefd8d01b8 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\Program Files\Sandboxie\SbieSvc.exe[13252] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\windows\system32\taskmgr.exe[5020] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[11192] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5948] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756b5ea5 5 bytes JMP 00000001742d2c10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[8752] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 00000001742d2ba0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007633e96b 5 bytes JMP 00000001742d2d70 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007633eba5 5 bytes JMP 00000001742d2d80 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[6192] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll ? C:\windows\system32\mssprxy.dll [6192] entry point in ".rdata" section 00000000699c71e6 .text C:\windows\system32\taskhost.exe[12104] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\taskhost.exe[12104] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 5 bytes JMP 000007fffd8e00b8 .text C:\windows\system32\taskhost.exe[12104] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8e0038 .text C:\windows\system32\taskhost.exe[12104] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 5 bytes JMP 000007fffd8e0138 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!RegSetValueExW 00000000776ca400 7 bytes JMP 000000016fff0228 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!RegQueryValueExW 00000000776d3f20 5 bytes JMP 000000016fff0180 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000776d6440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!RegDeleteValueW 00000000776effb0 5 bytes JMP 000000016fff01b8 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000776ff2e0 5 bytes JMP 000000016fff0110 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077729a30 7 bytes JMP 000000016fff00d8 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777394c0 5 bytes JMP 000000016fff0148 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777587e0 7 bytes JMP 000000016fff01f0 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8f2db0 5 bytes JMP 000007fffd8e0180 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8f37d0 7 bytes JMP 000007fffd8e00d8 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 6 bytes JMP 000007fffd8e0148 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd8fbfd0 5 bytes JMP 000007fffd8d0038 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd90af60 5 bytes JMP 000007fffd8e0110 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff0a7490 11 bytes JMP 000007fffd8e0228 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0bbf00 7 bytes JMP 000007fffd8e0260 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc989f0 8 bytes JMP 000007fffd8e01f0 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc9be50 8 bytes JMP 000007fffd8e01b8 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00000000775c6c80 5 bytes JMP 000000016fff02d0 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00000000775ca5b4 5 bytes JMP 000000016fff0298 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\USER32.dll!CreateWindowExW 00000000775d0810 7 bytes JMP 000000016fff0308 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000775dccec 9 bytes JMP 000000016fff0260 .text C:\windows\system32\wuauclt.exe[8076] C:\windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077610700 5 bytes JMP 000000016fff0340 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\kernel32.dll!CreateFileW 0000000075bf3f1c 5 bytes JMP 00000001599475f0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075bf48db 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\kernel32.dll!LoadLibraryW 0000000075bf48f3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075bf4925 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!SetWindowPos 0000000075538e4e 5 bytes JMP 0000000159946ad0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!ShowWindow 0000000075540dfb 5 bytes JMP 00000001599468b0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!SetFocus 0000000075542175 5 bytes JMP 00000001599469c0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!SetActiveWindow 0000000075543208 5 bytes JMP 0000000159946be0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!BringWindowToTop 0000000075547b3b 5 bytes JMP 00000001599465e0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!SetForegroundWindow 000000007555f170 5 bytes JMP 00000001599464d0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!SwitchToThisWindow 00000000755790fc 5 bytes JMP 00000001599466f0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\USER32.dll!ShowWindowAsync 0000000075597d97 5 bytes JMP 00000001599467a0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756e9d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\ole32.dll!DoDragDrop 00000000757aa827 5 bytes JMP 00000001599463e0 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 75c1b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 75c1b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75c98ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 75bf48ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75c987a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 75c98978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75c98698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75c98a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 75c0fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 75c168ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75c98f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75c98ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 75c9865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 75c0fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 75c1b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75c98e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[11404] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75c985f1 C:\windows\syswow64\kernel32.dll .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075bf1f0e 7 bytes JMP 00000001742d3d10 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000075bf5bad 7 bytes JMP 00000001742d46b0 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c01409 7 bytes JMP 00000001742d4050 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c0ea45 7 bytes JMP 00000001742d3d00 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c98e24 7 bytes JMP 00000001742d37c0 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c98ea9 5 bytes JMP 00000001742d3870 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c991ff 5 bytes JMP 00000001742d37d0 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075811d29 5 bytes JMP 00000001742d3780 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075811dd7 5 bytes JMP 00000001742d3740 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075812ab1 5 bytes JMP 00000001742d3880 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075812d17 5 bytes JMP 00000001742d3560 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007633e96b 5 bytes JMP 00000001742d2d70 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007633eba5 5 bytes JMP 00000001742d2d80 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000075538a29 5 bytes JMP 00000001742d2c50 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075544572 5 bytes JMP 00000001742d34e0 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007555e567 5 bytes JMP 00000001742d3550 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755807d7 5 bytes JMP 00000001742d2a60 .text C:\Users\Agusia\Desktop\bh9jg1te.exe[4440] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075597a5c 5 bytes JMP 00000001742d34d0 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880042c0edc] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.1 ---- Thread C:\windows\SysWOW64\ntdll.dll [1084:1980] 00000000000e301f Thread C:\windows\SysWOW64\ntdll.dll [1084:1540] 0000000072237240 Thread C:\windows\SysWOW64\ntdll.dll [1084:1344] 00000000722375f0 Thread C:\windows\SysWOW64\ntdll.dll [1084:1516] 00000000722375f0 Thread C:\windows\SysWOW64\ntdll.dll [1084:2212] 0000000072267930 Thread C:\windows\SysWOW64\ntdll.dll [1084:4404] 0000000072d640f0 Thread C:\windows\SysWOW64\ntdll.dll [1084:2624] 0000000065a325b8 Thread C:\windows\SysWOW64\ntdll.dll [1084:1028] 0000000065a325b8 Thread C:\windows\SysWOW64\ntdll.dll [1084:3852] 0000000063d29420 Thread C:\windows\SysWOW64\ntdll.dll [1084:2744] 0000000063a4fe30 Thread C:\windows\SysWOW64\ntdll.dll [1084:5620] 0000000063b3b230 Thread C:\windows\SysWOW64\ntdll.dll [1084:4656] 000000006cc83840 Thread C:\windows\SysWOW64\ntdll.dll [1084:3296] 000000006cc834b0 Thread C:\windows\SysWOW64\ntdll.dll [1084:4928] 000000006cc83840 Thread C:\windows\SysWOW64\ntdll.dll [1084:320] 000000006cc834b0 Thread C:\windows\SysWOW64\ntdll.dll [1084:4832] 0000000065a325b8 Thread C:\windows\SysWOW64\ntdll.dll [1084:11544] 00000000512ce5b3 Thread C:\windows\SysWOW64\ntdll.dll [1084:13136] 00000000512ce5b3 Thread C:\windows\SysWOW64\ntdll.dll [1084:7496] 00000000512ce5b3 Thread C:\windows\SysWOW64\ntdll.dll [1084:8452] 00000000512ce5b3 Thread C:\windows\SysWOW64\ntdll.dll [1084:7092] 00000000512ce5b3 Thread C:\windows\SysWOW64\ntdll.dll [1084:1412] 00000000715762ee Thread C:\windows\SysWOW64\ntdll.dll [1084:13192] 0000000072fb1120 Thread C:\windows\SysWOW64\ntdll.dll [1084:12500] 00000000759142ed ---- Processes - GMER 2.1 ---- Library Q:\140066.plk\Office14\MSOSYNC.EXE (*** suspicious ***) @ Q:\140066.plk\Office14\MSOSYNC.EXE [10448] 000000002d600000 Library Q:\140066.plk\Office14\1045\ospintl.dll (*** suspicious ***) @ Q:\140066.plk\Office14\MSOSYNC.EXE [10448] 00000000685a0000 Library Q:\140066.plk\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.plk\Office14\MSOSYNC.EXE [10448] 00000000523e0000 Library Q:\140066.plk\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.plk\Office14\MSOSYNC.EXE [10448] 0000000052320000 Library Q:\140066.plk\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.plk\Office14\MSOSYNC.EXE [10448] 0000000052f50000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B0ABE7EB-58B2-4CCC-BD4B-F820E947CE9D}\Connection@Name isatap.{59B7AA35-81B7-4D76-8F0E-CB8BF907420B} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C5ADEB24-E93B-4944-9483-A72F982C7746}\Connection@Name isatap.{D3617295-99E9-4365-8471-CE3D30C5EBB4} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{F50CC3AD-9B32-423B-AA16-F4732FBA3674}?\Device\{0DF1DF1F-9F2D-4ED1-954C-30031AC20454}?\Device\{B0ABE7EB-58B2-4CCC-BD4B-F820E947CE9D}?\Device\{C5ADEB24-E93B-4944-9483-A72F982C7746}?\Device\{40F57619-A332-42CF-8250-5562EE81C223}?\Device\{28FEC23A-C517-40B0-AF0C-120B16507AE2}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{F50CC3AD-9B32-423B-AA16-F4732FBA3674}"?"{0DF1DF1F-9F2D-4ED1-954C-30031AC20454}"?"{B0ABE7EB-58B2-4CCC-BD4B-F820E947CE9D}"?"{C5ADEB24-E93B-4944-9483-A72F982C7746}"?"{40F57619-A332-42CF-8250-5562EE81C223}"?"{28FEC23A-C517-40B0-AF0C-120B16507AE2}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{F50CC3AD-9B32-423B-AA16-F4732FBA3674}?\Device\TCPIP6TUNNEL_{0DF1DF1F-9F2D-4ED1-954C-30031AC20454}?\Device\TCPIP6TUNNEL_{B0ABE7EB-58B2-4CCC-BD4B-F820E947CE9D}?\Device\TCPIP6TUNNEL_{C5ADEB24-E93B-4944-9483-A72F982C7746}?\Device\TCPIP6TUNNEL_{40F57619-A332-42CF-8250-5562EE81C223}?\Device\TCPIP6TUNNEL_{28FEC23A-C517-40B0-AF0C-120B16507AE2}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9e043b6 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9e043b6@e4b0212f48dd 0xE7 0x86 0x2F 0xE0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9e043b6@08fc886b71df 0xDE 0xA5 0x1A 0xE1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9e043b6@bc79ad8d0ee0 0xED 0xE8 0x6B 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9e043b6@00a09631f60b 0xCF 0xF7 0x65 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B0ABE7EB-58B2-4CCC-BD4B-F820E947CE9D}@InterfaceName isatap.{59B7AA35-81B7-4D76-8F0E-CB8BF907420B} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{B0ABE7EB-58B2-4CCC-BD4B-F820E947CE9D}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C5ADEB24-E93B-4944-9483-A72F982C7746}@InterfaceName isatap.{D3617295-99E9-4365-8471-CE3D30C5EBB4} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C5ADEB24-E93B-4944-9483-A72F982C7746}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 821174 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9e043b6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9e043b6@e4b0212f48dd 0xE7 0x86 0x2F 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9e043b6@08fc886b71df 0xDE 0xA5 0x1A 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9e043b6@bc79ad8d0ee0 0xED 0xE8 0x6B 0xCB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9e043b6@00a09631f60b 0xCF 0xF7 0x65 0x52 ... ---- EOF - GMER 2.1 ----