GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-02 10:17:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TS128GSSD370S rev.N1114H 119,24GB
Running: fjkq19bv.exe; Driver: C:\Users\Daro\AppData\Local\Temp\fftciaod.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8800459dd8c 12 bytes {MOV RAX, 0xfffffa800d8592a0; JMP RAX}

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Av\avgfws.exe[2704] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2816] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074f92bcd 5 bytes JMP 00000000009b8d78 .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\Steam.exe[2916] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe[1732] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\MSI\Super Charger\Super 
Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe[2580] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3504] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\Av\avgnsa.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] 
C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\Av\avgemca.exe[2080] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 
0000000000020238 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 
.text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\MSI\Live Update\Live Update.exe[3996] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 
00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text 
C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073a417fa 2 bytes CALL 74dd11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073a41860 2 bytes CALL 74dd11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073a41942 2 bytes JMP 75817089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4448] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073a4194d 2 bytes JMP 7581cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 
0000000073932900 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073a417fa 2 bytes CALL 74dd11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073a41860 2 bytes CALL 74dd11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073a41942 2 bytes JMP 75817089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073a4194d 2 bytes JMP 7581cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 
0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[4600] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files 
(x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 
17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4632] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] 
C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] 
C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[4712] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 
00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4924] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files 
(x86)\AVG\Av\avgui.exe[5048] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\MSI\Smart Utilities\SuperRAIDSvc.exe[4472] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe[4672] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5316] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] 
C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5476] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] 
C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 
000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\SearchIndexer.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 
0000000000020238 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\conhost.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[3416] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[3416] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\AVG PC 
TuneUp\TuneUpUtilitiesApp64.exe[6228] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\GWX\GWX.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\TEMP\irstrtsv\scrncap.exe[6572] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 
000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\System32\svchost.exe[6740] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 
00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6980] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 
00000000739328c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[7364] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program 
Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[7656] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[8084] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] 
C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\KERNEL32.dll .text 
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\KERNEL32.dll .text 
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[7668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes 
JMP 00000000739328a0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[5564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text 
C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 
0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\Daro\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[8432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Windows\SysWOW64\ctfmon.exe[9572] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Windows\SysWOW64\ctfmon.exe[9572] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 
00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[7264] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2396] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe[6332] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 
0000000073932920 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe[3904] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe[10040] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772dfa51 7 bytes {MOV EDX, 0x4a5ae8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000772dfacd 7 bytes {MOV EDX, 0x4a59a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000772dfbe5 7 bytes {MOV EDX, 0x4a5968; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfc95 7 bytes {MOV EDX, 0x4a5b28; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfcc5 7 bytes {MOV EDX, 0x4a5a68; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfcdd 7 bytes {MOV EDX, 0x4a5928; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 12 bytes JMP 00000000739325c0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfd25 7 bytes {MOV EDX, 0x4a5c28; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 
00000000772dfda5 7 bytes {MOV EDX, 0x4a5ba8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfdbd 7 bytes {MOV EDX, 0x4a5b68; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfe09 7 bytes {MOV EDX, 0x4a5868; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 0000000073932420 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dff01 7 bytes {MOV EDX, 0x4a58a8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 0000000073932880 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 0000000073932780 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0159 7 bytes {MOV EDX, 0x4a5828; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000739328a0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 00000000772e10bd 7 bytes {MOV EDX, 0x4a59e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e1165 7 bytes {MOV EDX, 0x4a5aa8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e11dd 7 bytes {MOV EDX, 0x4a5a28; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e13e1 7 bytes {MOV EDX, 0x4a58e8; JMP RDX} .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 74dfb233 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 74dfb35e C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 74e79011 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 74dd48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 74e7890a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 74e78ae0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 74e78800 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 74e78bca C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 74defcc0 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 74df6907 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 74e790c9 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 74e78c2a C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 74e787c4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 74defd59 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 74dfb2f4 C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 74e78f8c C:\Windows\syswow64\kernel32.dll .text D:\Gry\Steam\bin\steamwebhelper.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 74e78759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\notepad.exe[7540] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\notepad.exe[9732] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 0000000000020128 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\notepad.exe[9732] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007712d630 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007712d750 5 bytes JMP 0000000000020018 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007712d7b0 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007712d830 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007712d8d0 5 bytes JMP 
0000000000020128 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007712dd80 5 bytes JMP 0000000000020238 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007712de10 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007712de80 5 bytes JMP 0000000000020348 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007712e340 5 bytes JMP 0000000000020458 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007712e390 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\notepad.exe[9688] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000077184240 5 bytes JMP 0000000000020568 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000772dfcf0 5 bytes JMP 00000000739325c0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000772dfd20 5 bytes JMP 00000000003c012a .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772dfd50 5 bytes JMP 00000000003c0bc2 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000772dfeb4 5 bytes JMP 00000000003c0048 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory 00000000772dff30 5 bytes JMP 00000000003c0e68 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000772dff48 5 bytes JMP 00000000003c0594 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000772dffc4 5 bytes JMP 00000000003c0f4a .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772e0014 5 bytes JMP 0000000073932860 .text 
C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772e00a4 5 bytes JMP 00000000003c0758 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772e00d8 5 bytes JMP 00000000003c0ca4 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000772e0108 5 bytes JMP 00000000003c0d86 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772e0124 5 bytes JMP 0000000000250050 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000772e0388 5 bytes JMP 00000000003c020c .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772e083c 5 bytes JMP 00000000003c03d0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772e0914 5 bytes JMP 00000000739328e0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772e092c 2 bytes JMP 00000000003c09fe .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 3 00000000772e092f 2 bytes [0E, 89] .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772e0944 5 bytes JMP 00000000003c091c .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000772e09bc 5 bytes JMP 0000000073932920 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772e0e94 5 bytes JMP 00000000003c0676 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 00000000772e1118 5 bytes JMP 00000000739328c0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 00000000772e1190 5 bytes JMP 0000000073932900 .text 
C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000772e1674 5 bytes JMP 00000000003c02ee .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772e19c0 5 bytes JMP 00000000003c083a .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772e1c84 5 bytes JMP 00000000003c0ae0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000772e1e10 5 bytes JMP 00000000003c04b2 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 0000000077380e9d 5 bytes JMP 00000000739329b0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000755d524f 7 bytes JMP 00000000003d03d8 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000755d53d0 7 bytes JMP 00000000003d0684 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000755d5677 7 bytes JMP 00000000003d04bc .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000755d589a 7 bytes JMP 00000000003d012c .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000755d5a1d 7 bytes JMP 00000000003d084c .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000755d5c9b 7 bytes JMP 00000000003d05a0 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000755d5d87 7 bytes JMP 00000000003d0768 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000755d7240 7 bytes JMP 00000000003d02f4 .text C:\Users\Daro\Desktop\fjkq19bv.exe[7144] 
C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076e21566 7 bytes JMP 00000000003d0930

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001104650] \SystemRoot\System32\Drivers\spef.sys [unknown section]
IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880011045dc] \SystemRoot\System32\Drivers\spef.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010cf35c] \SystemRoot\System32\Drivers\spef.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010cf224] \SystemRoot\System32\Drivers\spef.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010cfa24] \SystemRoot\System32\Drivers\spef.sys [unknown section]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010cfba0] \SystemRoot\System32\Drivers\spef.sys [unknown section]

---- Devices - GMER 2.2 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800c7232c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa800c7232c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa800c7232c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa800c7232c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa800c7232c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa800c7232c0
Device \Driver\al9e8ond \Device\Scsi\al9e8ond1 fffffa800d8492c0
Device \Driver\al9e8ond \Device\Scsi\al9e8ond1Port3Path0Target0Lun0 fffffa800d8492c0
Device \FileSystem\Ntfs \Ntfs fffffa800c92b2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa800d8672c0
Device \Driver\cdrom \Device\CdRom0 fffffa800dfbf2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{CE5EEB37-641F-4312-9C3F-EC588873D54A} fffffa800d4fd2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa800d8672c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa800d8672c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa800c7172c0
Device \Driver\volmgr \Device\FtControl fffffa800c7172c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa800c7172c0
Device \Driver\volmgr \Device\VolMgrControl fffffa800c7172c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa800c7172c0
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa800c7172c0
Device \Driver\volmgr \Device\HarddiskVolume5 fffffa800c7172c0
Device \Driver\volmgr \Device\HarddiskVolume6 fffffa800c7172c0
Device \Driver\volmgr \Device\HarddiskVolume7 fffffa800c7172c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800d4fd2c0
Device \Driver\volmgr \Device\HarddiskVolume8 fffffa800c7172c0
Device \Driver\atapi \Device\ScsiPort0 fffffa800c7232c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa800d8672c0
Device \Driver\atapi \Device\ScsiPort1 fffffa800c7232c0
Device \Driver\atapi \Device\ScsiPort2 fffffa800c7232c0
Device \Driver\al9e8ond \Device\ScsiPort3 fffffa800d8492c0

---- Trace I/O - GMER 2.2 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800c7232c0]<< spef.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa800c7232c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d1dd060] fffffa800d1dd060
Trace 3 CLASSPNP.SYS[fffff880013d143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800cebc060] fffffa800cebc060
Trace \Driver\atapi[0xfffffa800ce5ab30] -> IRP_MJ_CREATE -> 0xfffffa800c7232c0 fffffa800c7232c0

---- Modules - GMER 2.2 ----

Module \SystemRoot\System32\Drivers\al9e8ond.SYS fffff88004600000-fffff88004645000 (282624 bytes)

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE6 0x84 0xC6 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB3 0x10 0x74 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x8D 0xCF 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE6 0x84 0xC6 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB3 0x10 0x74 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x70 0x8D 0xCF 0x33 ...

---- EOF - GMER 2.2 ----