GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-03 23:03:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698.64GB Running: v6se95dh.exe; Driver: C:\Users\Daria\AppData\Local\Temp\uftciaoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[472] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2164] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2332f0 7 bytes JMP 000007fefd1e00d8 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd23aa60 5 bytes JMP 000007fefd1e0180 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd23ac00 5 bytes JMP 000007fefd1e0110 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd249ac0 5 bytes JMP 000007fefd1e0148 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9389d0 8 bytes JMP 000007fefd1e01f0 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd93be40 8 bytes JMP 000007fefd1e01b8 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9c4dc88 5 bytes JMP 000007fef9c200d8 .text C:\Windows\system32\Dwm.exe[2228] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9c4de10 5 bytes JMP 000007fef9c20110 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076db1228 5 bytes JMP 0000000070bb64a0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076db4206 5 bytes JMP 0000000070bb64f0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!GetGestureInfo 0000000076de8982 5 bytes JMP 0000000070bb6210 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe[2360] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe[2548] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3504] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[3532] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000000a98d78 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3640] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Windows\SysWOW64\ACEngSvr.exe[3696] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076738791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[3968] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[3960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000655a11a8 2 bytes [5A, 65] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000655a127d 2 bytes CALL 767314c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000655a1310 2 bytes CALL 767314c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000655a13a8 2 bytes [5A, 65] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000655a1422 2 bytes [5A, 65] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4164] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000655a1498 2 bytes [5A, 65] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4224] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4232] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4248] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4272] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4280] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4288] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\PDF24\pdf24.exe[4296] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4312] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Users\Daria\AppData\Local\Akamai\netsession_win.exe[4648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[4936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\DHI\2012\bin\LicSvcLoc.exe[5232] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6356] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[6420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6708] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes JMP 7675b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes JMP 7675b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes JMP 767d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes CALL 767348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes JMP 767d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes JMP 767d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes JMP 767d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes JMP 767d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes JMP 7674fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes JMP 76756937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes JMP 767d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes JMP 767d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes JMP 767d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes JMP 7674fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes JMP 7675b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes JMP 767d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes JMP 767d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5180] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076da8a39 5 bytes JMP 0000000072712bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075725e75 5 bytes JMP 0000000072712b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075759cbb 5 bytes JMP 0000000072712b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5352] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770aa3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770b3ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter + 1 00000000770b9011 11 bytes {MOV EAX, 0xffffffffde304d28; INC BYTE [RDI]; ADD [RAX], AL; JMP RAX} .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770cfff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770df3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077109c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077119700 5 bytes JMP 000000006fff0148 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077138aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2332f0 7 bytes JMP 000007fefd1e00d8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd23aa60 5 bytes JMP 000007fefd1e0180 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd23ac00 5 bytes JMP 000007fefd1e0110 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd249ac0 5 bytes JMP 000007fefd1e0148 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9389d0 8 bytes JMP 000007fefd1e01f0 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd93be40 8 bytes JMP 000007fefd1e01b8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00000000771c6c6c 5 bytes JMP 000000006fff02d0 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00000000771ca5a0 1 byte JMP 000000006fff0298 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA + 2 00000000771ca5a2 3 bytes {JMP 0xfffffffff8e25cf8} .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!RegisterClipboardFormatA 00000000771cc604 6 bytes JMP 00000000371c0178 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!RegisterClipboardFormatW 00000000771cf364 9 bytes JMP 00000000371c01d8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000771d0800 7 bytes JMP 000000006fff0340 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!BeginPaint 00000000771d6e70 8 bytes JMP 00000000371c0238 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000771dcd24 9 bytes JMP 000000006fff0260 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!ValidateRect 00000000771df530 8 bytes JMP 00000000371c0298 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077210790 5 bytes JMP 000000006fff0308 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff116d10 11 bytes JMP 000007fefd1e0228 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff12b4f0 7 bytes JMP 000007fefd1e0260 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007feff2472f0 5 bytes JMP 000007febf240178 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefd7a1180 5 bytes JMP 000007febf2402f8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefd7a1320 7 bytes JMP 000007febf240238 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefd7a4470 6 bytes JMP 000007febf2401d8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefd7a6720 10 bytes JMP 000007febf240298 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9c4dc88 5 bytes JMP 000007fef9c200d8 .text C:\Program Files\Microsoft Office\Office15\WINWORD.EXE[6120] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9c4de10 5 bytes JMP 000007fef9c20110 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076731f0e 7 bytes JMP 0000000072713cf0 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076735bad 7 bytes JMP 0000000072714330 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076741431 7 bytes JMP 0000000072713f40 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007674ea85 7 bytes JMP 0000000072713ce0 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767d906c 7 bytes JMP 0000000072713760 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767d90f1 5 bytes JMP 0000000072713810 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767d9447 5 bytes JMP 0000000072713770 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000753e1e4c 5 bytes JMP 0000000072713720 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000753e1efa 5 bytes JMP 00000000727136e0 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000753e2bdc 5 bytes JMP 0000000072713820 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000753e2e7e 5 bytes JMP 0000000072713520 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076ead2b4 5 bytes JMP 0000000072712d00 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ead4ee 5 bytes JMP 0000000072712d10 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076db4582 5 bytes JMP 00000000727134a0 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dce587 5 bytes JMP 0000000072713510 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076df08ab 5 bytes JMP 0000000072712a00 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076e07b24 5 bytes JMP 0000000072713480 .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072741003 2 bytes [74, 72] .text C:\Users\Daria\Downloads\v6se95dh.exe[2044] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072741016 2 bytes [74, 72] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e5434158f3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e5434158f3 (not active ControlSet) ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\Daria\AppData\Local\Microsoft\Office\OTeleData_6120_4.etl 65536 bytes ---- EOF - GMER 2.2 ----