GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-11 19:04:58 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000042 ST9750420AS rev.0001SDM5 698,64GB Running: ke26lrud.exe; Driver: C:\Users\ASUS\AppData\Local\Temp\agdcqfob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0308 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a03b0 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0298 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0228 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a0378 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0490 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a03e8 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a0458 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0420 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\system32\dwm.exe[416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a0458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a04c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb2ddf2100 5 bytes JMP 000007fc2c7a0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb2de05d4c 7 bytes JMP 000007fc2c7a0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb29851532 4 bytes [85, 29, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb2985153a 4 bytes [85, 29, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1064] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb2985165a 4 bytes [85, 29, FB, 07] .text C:\Windows\system32\nvvsvc.exe[1072] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fb29851532 4 bytes [85, 29, FB, 07] .text C:\Windows\system32\nvvsvc.exe[1072] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fb2985153a 4 bytes [85, 29, FB, 07] .text C:\Windows\system32\nvvsvc.exe[1072] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fb2985165a 4 bytes [85, 29, FB, 07] .text C:\Windows\system32\nvvsvc.exe[1072] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2f7a177a 4 bytes [7A, 2F, FB, 07] .text C:\Windows\system32\nvvsvc.exe[1072] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2f7a1782 4 bytes [7A, 2F, FB, 07] .text C:\Windows\Explorer.EXE[1640] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\Explorer.EXE[1640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\Explorer.EXE[1640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\Explorer.EXE[1640] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\Explorer.EXE[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0308 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a03b0 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0298 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0228 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a0378 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0490 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a03e8 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a0458 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0420 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\system32\taskhostex.exe[1364] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0308 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a03b0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0298 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0228 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a0378 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0490 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a03e8 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a0458 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0420 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\system32\DllHost.exe[1492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0500 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a0458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a04c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb29851532 4 bytes [85, 29, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb2985153a 4 bytes [85, 29, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb2985165a 4 bytes [85, 29, FB, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb2ddf2100 5 bytes JMP 000007fc2c7a0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2428] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb2de05d4c 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0378 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a0420 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a03b0 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0308 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0298 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a03e8 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0500 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a0458 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a04c8 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0490 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb2ddf2100 5 bytes JMP 000007fc2c7a0228 .text C:\Windows\system32\igfxEM.exe[3348] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb2de05d4c 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0378 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a0420 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a03b0 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0308 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0298 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a03e8 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0500 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a0458 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a04c8 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0490 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb2ddf2100 5 bytes JMP 000007fc2c7a0228 .text C:\Windows\system32\igfxHK.exe[3372] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb2de05d4c 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\igfxTray.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\system32\igfxTray.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\system32\igfxTray.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\system32\igfxTray.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\system32\igfxTray.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[4468] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb2f7a177a 4 bytes [7A, 2F, FB, 07] .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[4468] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb2f7a1782 4 bytes [7A, 2F, FB, 07] .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0308 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a03b0 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0298 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0228 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a0378 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0490 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a03e8 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a0458 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0420 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Windows\System32\RuntimeBroker.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 000007fb2f7b2cd0 5 bytes JMP 000007fb2f990016 .text C:\Windows\System32\RuntimeBroker.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 000007fb2f7b2ef0 2 bytes JMP 000007fb2f9a0016 .text C:\Windows\System32\RuntimeBroker.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 3 000007fb2f7b2ef3 2 bytes [1E, 00] .text C:\Windows\System32\RuntimeBroker.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000007fb2f7b30c0 5 bytes JMP 000007fb2f980016 .text C:\Windows\System32\RuntimeBroker.exe[6112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000007fb2f7b3711 5 bytes JMP 000007fb2f970016 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb2dcc6764 9 bytes JMP 000007fc2c7a0308 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb2dcdd000 8 bytes JMP 000007fc2c7a03b0 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb2dce4890 7 bytes JMP 000007fc2c7a0340 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb2dced8f8 7 bytes JMP 000007fc2c7a0260 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb2dcfb1a4 7 bytes JMP 000007fc2c7a0298 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb2dcfb214 7 bytes JMP 000007fc2c7a02d0 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb2dcfb238 8 bytes JMP 000007fc2c7a0228 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb2dcfb87c 8 bytes JMP 000007fc2c7a0378 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb2c802850 1 byte JMP 000007fc2c7a00d8 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fb2c802852 5 bytes {JMP 0xfffffffffff9d888} .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb2c802898 5 bytes JMP 000007fc2c7a0180 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb2c8070e0 6 bytes JMP 000007fc2c7a0148 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb2c8073fc 5 bytes JMP 000007fc2c7a0110 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb2d9a10b0 8 bytes JMP 000007fc2c7a01f0 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb2d9b11b0 8 bytes JMP 000007fc2c7a01b8 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb2d5ac5b0 7 bytes JMP 000007fc2c7a0490 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb2d5b31f0 9 bytes JMP 000007fc2c7a03e8 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb2d5b33e0 5 bytes JMP 000007fc2c7a0458 .text C:\Windows\System32\Taskmgr.exe[6372] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb2d5b7160 5 bytes JMP 000007fc2c7a0420