GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-06 15:39:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 CT250BX100SSD1 rev.MU02 232,89GB Running: rnvgpgzt.exe; Driver: C:\Users\CZOWIE~1\AppData\Local\Temp\uxldapow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000125b00 7 bytes [40, 48, F3, FF, 01, 56, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000125b08 3 bytes [C0, 06, 02] .text ... * 106 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 484 fffff960001ee1cc 15 bytes [48, B8, 7C, E1, 4D, 04, 80, ...] ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 3 bytes [B8, B4, 74] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 5 0000000077152175 8 bytes [00, 00, 00, 00, 00, 50, C3, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 08, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 08] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 08, 00] .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007703ba0d 14 bytes [B8, EC, 7A, 08, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 000000007703c63d 3 bytes [B8, 28, 76] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 5 000000007703c641 14 bytes [00, 00, 00, 00, 00, 50, C3, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000077040b8d 12 bytes [B8, 24, 81, 08, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000770439c1 3 bytes [B8, A8, 10] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!PeekMessageA + 5 00000000770439c5 10 bytes [00, 00, 00, 00, 00, 50, C3, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 364 00000000770447ec 15 bytes [48, B8, 00, 80, 08, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000077044fb1 3 bytes [B8, 28, 77] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetKeyState + 5 0000000077044fb5 14 bytes [00, 00, 00, 00, 00, 50, C3, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000077046101 14 bytes [B8, 08, 10, 08, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000077048ff5 3 bytes [B8, 00, 11] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!PeekMessageW + 5 0000000077048ff9 10 bytes [00, 00, 00, 00, 00, 50, C3, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetMessageW 0000000077049e74 12 bytes [48, B8, 58, 10, 08, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 0000000077058959 14 bytes [B8, 8C, A9, 08, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000770589c0 6 bytes [48, B8, 28, 78, 08, 00] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 00000000770589c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetRawInputData 000000007705afb0 6 bytes [48, B8, EC, 74, 08, 00] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetRawInputData + 8 000000007705afb8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!EndTask + 1 0000000077081639 3 bytes [B8, 34, 22] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!EndTask + 5 000000007708163d 13 bytes [00, 00, 00, 00, 00, 50, C3, ...] .text C:\Windows\system32\csrss.exe[564] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 00000000770950c1 12 bytes [B8, C0, 75, 08, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 03] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 03, 00] .text C:\Windows\system32\csrss.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007703ba0d 14 bytes [B8, EC, 7A, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 000000007703c63d 18 bytes [B8, 28, 76, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000077040b8d 12 bytes [B8, 24, 81, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000770439c1 14 bytes [B8, A8, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 364 00000000770447ec 15 bytes [48, B8, 00, 80, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000077044fb1 18 bytes [B8, 28, 77, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000077046101 14 bytes [B8, 08, 10, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000077048ff5 14 bytes [B8, 00, 11, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetMessageW 0000000077049e74 12 bytes [48, B8, 58, 10, 03, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 0000000077058959 14 bytes [B8, 8C, A9, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000770589c0 6 bytes [48, B8, 28, 78, 03, 00] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 00000000770589c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetRawInputData 000000007705afb0 6 bytes [48, B8, EC, 74, 03, 00] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetRawInputData + 8 000000007705afb8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!EndTask + 1 0000000077081639 17 bytes [B8, 34, 22, 03, 00, 00, 00, ...] .text C:\Windows\system32\csrss.exe[784] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 00000000770950c1 12 bytes [B8, C0, 75, 03, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 05] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 05, 00] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 8 bytes [48, B8, 98, 93, 05, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefd246d1a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 05, 00, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[1820] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 05, 00, 00, ...] .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef904dc88 5 bytes JMP 000007fef8dd00d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef904de10 5 bytes JMP 000007fef8dd0110 .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 06] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Windows\Explorer.EXE[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 8 bytes [48, B8, 98, 93, 06, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefd246d1a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 06, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 06, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\samcli.dll!NetUserSetInfo + 1 000007fefaa868bd 1 byte [B8] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\samcli.dll!NetUserSetInfo + 3 000007fefaa868bf 12 bytes [26, 06, 00, 00, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[1976] C:\Windows\system32\samcli.dll!NetUserChangePassword 000007fefaa87e18 15 bytes [48, B8, 7C, 27, 06, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 11 bytes JMP 000007fefd180228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3616] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 16, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 16] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 11 bytes JMP 000007fefd180228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 16, 00, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3672] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 16, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 16, 00, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 16, 00, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 16] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 11 bytes JMP 000007fefd180228 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Windows\System32\igfxpers.exe[3728] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 16, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007732f9f1 3 bytes [0B, 1D, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007732f9f5 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007732fc61 3 bytes [45, 1D, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007732fc65 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077330049 3 bytes [88, 11, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007733004d 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000773300c5 3 bytes [08, 1A, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773300c9 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077330399 3 bytes [68, 1C, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007733039d 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000773303c9 3 bytes [96, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000773303cd 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000773303e1 3 bytes [E0, 1B, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000773303e5 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077330561 3 bytes [34, 1D, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077330565 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000773306a5 3 bytes [E2, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000773306a9 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000773318d1 3 bytes [BC, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000773318d5 2 bytes [50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007734c0f0 7 bytes [B8, 3D, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007734c99d 8 bytes [B8, 6F, 84, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000072855160 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 00000000728557a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d91409 7 bytes JMP 00000000728553b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea5d 7 bytes JMP 0000000072855150 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e290c4 7 bytes JMP 0000000072854780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e29149 5 bytes JMP 0000000072854960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2949f 5 bytes JMP 0000000072854790 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 00000000728546a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 00000000728545b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000000888c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 00000000728542a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ba78e2 8 bytes [B8, EB, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ba7bd3 8 bytes [B8, A3, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ba8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ba8a29 5 bytes JMP 0000000072853770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ba8b52 8 bytes [B8, E6, 5B, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bb05d2 11 bytes [B8, 7E, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075bb2797 11 bytes [B8, 1E, 78, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075bb4713 7 bytes [B8, 71, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075bb47e6 3 bytes [CB, 78, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075bb47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bb5645 5 bytes JMP 0000000072854220 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bb7044 11 bytes [B8, 33, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075bb71e0 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bb7355 12 bytes [B8, 6C, 79, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075bce67f 8 bytes [B8, 0A, 74, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bcf631 5 bytes JMP 0000000072854290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bf0867 5 bytes JMP 00000000728535b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075bf8208 11 bytes [B8, CA, 56, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c07af4 5 bytes JMP 0000000072854200 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075c08408 3 bytes [2D, 56, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075c0840c 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075c0a887 3 bytes [4F, 19, 05] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075c0a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007565e74f 5 bytes JMP 00000000728538b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007565e989 5 bytes JMP 00000000728538c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075775e75 5 bytes JMP 0000000072853730 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007579546d 10 bytes [B8, 50, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000757a9cbb 5 bytes JMP 00000000000587bd .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000757a9cfe 9 bytes [B8, 2A, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3812] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000074ed3a1d 7 bytes [B8, 37, 74, 05, 00, 50, C3] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 16] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 16, 00] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 8 bytes [48, B8, 98, 93, 16, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\system32\ole32.dll!CoCreateInstance + 10 000007fefd246d1a 8 bytes [50, C3, 90, 90, 90, 90, 90, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 16, 00, 00, 00, ...] .text C:\Windows\System32\hkcmd.exe[3408] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 16, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 17] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 17, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 11 bytes JMP 000007fefd180228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 17, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3444] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 17, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007732f9f1 3 bytes [0B, 1D, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007732f9f5 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007732fc61 3 bytes [45, 1D, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007732fc65 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077330049 3 bytes [88, 11, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007733004d 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000773300c5 3 bytes [08, 1A, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773300c9 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077330399 3 bytes [68, 1C, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007733039d 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000773303c9 3 bytes [96, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000773303cd 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000773303e1 3 bytes [E0, 1B, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000773303e5 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077330561 3 bytes [34, 1D, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077330565 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000773306a5 3 bytes [E2, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000773306a9 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000773318d1 3 bytes [BC, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000773318d5 2 bytes [50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007734c0f0 7 bytes [B8, 3D, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007734c99d 8 bytes [B8, 6F, 84, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000072855160 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 00000000728557a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d91409 7 bytes JMP 00000000728553b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea5d 7 bytes JMP 0000000072855150 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e290c4 7 bytes JMP 0000000072854780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e29149 5 bytes JMP 0000000072854960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2949f 5 bytes JMP 0000000072854790 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 00000000728546a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 00000000728545b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072854970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 00000000728542a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007565e74f 5 bytes JMP 00000000728538b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007565e989 5 bytes JMP 00000000728538c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ba78e2 8 bytes [B8, EB, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ba7bd3 8 bytes [B8, A3, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ba8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ba8a29 5 bytes JMP 0000000072853770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ba8b52 8 bytes [B8, E6, 5B, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bb05d2 11 bytes [B8, 7E, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075bb2797 11 bytes [B8, 1E, 78, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075bb4713 7 bytes [B8, 71, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075bb47e6 3 bytes [CB, 78, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075bb47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bb5645 5 bytes JMP 0000000072854220 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bb7044 11 bytes [B8, 33, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075bb71e0 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bb7355 12 bytes [B8, 6C, 79, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075bce67f 8 bytes [B8, 0A, 74, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bcf631 5 bytes JMP 0000000072854290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bf0867 5 bytes JMP 00000000728535b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075bf8208 11 bytes [B8, CA, 56, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c07af4 5 bytes JMP 0000000072854200 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075c08408 3 bytes [2D, 56, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075c0840c 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075c0a887 3 bytes [4F, 19, 05] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075c0a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075775e75 5 bytes JMP 0000000072853730 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007579546d 10 bytes [B8, 50, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000757a9cbb 5 bytes JMP 00000000000587bd .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000757a9cfe 9 bytes [B8, 2A, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000074ed3a1d 7 bytes [B8, 37, 74, 05, 00, 50, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000728f1003 2 bytes [8F, 72] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3212] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000728f1016 2 bytes [8F, 72] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 06, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 18 bytes JMP 000007fefd180228 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3756] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 06, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 18 bytes JMP 000007fefd180228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007732f9f1 3 bytes [0B, 1D, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007732f9f5 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007732fc61 3 bytes [45, 1D, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007732fc65 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077330049 3 bytes [88, 11, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007733004d 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000773300c5 3 bytes [08, 1A, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773300c9 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077330399 3 bytes [68, 1C, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007733039d 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000773303c9 3 bytes [96, 19, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000773303cd 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000773303e1 3 bytes [E0, 1B, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000773303e5 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077330561 3 bytes [34, 1D, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077330565 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000773306a5 3 bytes [E2, 19, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000773306a9 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000773318d1 3 bytes [BC, 19, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000773318d5 2 bytes [50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007734c0f0 7 bytes [B8, 3D, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007734c99d 8 bytes [B8, 6F, 84, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000072855160 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 00000000728557a0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d91409 7 bytes JMP 00000000728553b0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea5d 7 bytes JMP 0000000072855150 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e290c4 7 bytes JMP 0000000072854780 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e29149 5 bytes JMP 0000000072854960 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2949f 5 bytes JMP 0000000072854790 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 00000000728546a0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 00000000728545b0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072854970 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 00000000728542a0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ba78e2 8 bytes [B8, EB, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ba7bd3 8 bytes [B8, A3, 1D, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ba8332 7 bytes [B8, DD, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ba8a29 5 bytes JMP 0000000072853770 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ba8b52 8 bytes [B8, E6, 5B, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bb05d2 11 bytes [B8, 7E, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075bb2797 11 bytes [B8, 1E, 78, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075bb4713 7 bytes [B8, 71, 77, 05, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075bb47e6 3 bytes [CB, 78, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075bb47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bb5645 5 bytes JMP 0000000072854220 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bb7044 11 bytes [B8, 33, 1E, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075bb71e0 7 bytes [B8, B7, 18, 05, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bb7355 12 bytes [B8, 6C, 79, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075bce67f 8 bytes [B8, 0A, 74, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bcf631 5 bytes JMP 0000000072854290 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bf0867 5 bytes JMP 00000000728535b0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075bf8208 11 bytes [B8, CA, 56, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c07af4 5 bytes JMP 0000000072854200 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075c08408 3 bytes [2D, 56, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075c0840c 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075c0a887 3 bytes [4F, 19, 05] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075c0a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007565e74f 5 bytes JMP 00000000728538b0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007565e989 5 bytes JMP 00000000728538c0 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075775e75 5 bytes JMP 0000000072853730 .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007579546d 10 bytes [B8, 50, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000757a9cbb 5 bytes JMP 00000000000587bd .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000757a9cfe 9 bytes [B8, 2A, 6A, 05, 00, 50, C3, ...] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000074ed3a1d 7 bytes [B8, 37, 74, 05, 00, 50, C3] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000728f1003 2 bytes [8F, 72] .text C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe[3772] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000728f1016 2 bytes [8F, 72] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 06] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 06, 00] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 06, 00, 00, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 18 bytes JMP 000007fefd180228 .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 06, 00, 00, 00, ...] .text C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe[2784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 1 0000000077152171 12 bytes [B8, B4, 74, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077155be1 14 bytes [B8, C4, 73, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007717bc20 5 bytes [48, B8, A4, 2A, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007717bc28 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717bdb0 5 bytes [48, B8, 18, 2C, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007717bdb8 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007717c030 5 bytes [48, B8, 78, 13, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 8 000000007717c038 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007717c080 5 bytes [48, B8, 9C, 24, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007717c088 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort 000000007717c250 5 bytes [48, B8, 54, 29, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcAcceptConnectPort + 8 000000007717c258 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007717c270 5 bytes [48, B8, AC, 22, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 8 000000007717c278 13 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 8 000000007717c288 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007717c380 5 bytes [48, B8, 3C, 2B, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 8 000000007717c388 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007717c450 5 bytes [48, B8, 0C, 24, 01] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 8 000000007717c458 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007717d020 6 bytes [48, B8, 68, 23, 01, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 8 000000007717d028 8 bytes [00, 00, 50, C3, 90, 90, 90, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f1a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f23f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076f29020 13 bytes {MOV R11, 0x7fee07c4424; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f3ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f4f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f79c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f89710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fa8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1b32f0 7 bytes JMP 000007fefd1800d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1baa60 5 bytes JMP 000007fefd180180 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1bac00 5 bytes JMP 000007fefd180110 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1c9ac0 5 bytes JMP 000007fefd180148 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077036c10 5 bytes JMP 000000006fff02d0 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000000007703a510 5 bytes JMP 000000006fff0298 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000000007703ba0d 14 bytes [B8, EC, 7A, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 1 000000007703c63d 18 bytes [B8, 28, 76, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000770407bc 7 bytes JMP 000000006fff0340 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!PostThreadMessageW + 121 0000000077040b8d 12 bytes [B8, 24, 81, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00000000770439c1 14 bytes [B8, A8, 10, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!IsProcessDPIAware + 364 00000000770447ec 15 bytes [48, B8, 00, 80, 01, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetKeyState + 1 0000000077044fb1 18 bytes [B8, 28, 77, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetMessageA + 1 0000000077046101 14 bytes [B8, 08, 10, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!PeekMessageW + 1 0000000077048ff5 14 bytes [B8, 00, 11, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetMessageW 0000000077049e74 12 bytes [48, B8, 58, 10, 01, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000000007704cd04 9 bytes JMP 000000006fff0260 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetLastActivePopup + 93 0000000077058959 14 bytes [B8, 8C, A9, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000770589c0 6 bytes [48, B8, 28, 78, 01, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetKeyboardState + 8 00000000770589c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetRawInputData 000000007705afb0 6 bytes [48, B8, EC, 74, 01, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetRawInputData + 8 000000007705afb8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077080724 5 bytes JMP 000000006fff0308 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!EndTask + 1 0000000077081639 17 bytes [B8, 34, 22, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\USER32.dll!GetRawInputBuffer + 1 00000000770950c1 12 bytes [B8, C0, 75, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefec58830 8 bytes JMP 000007fefd1801f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefec5b9e0 8 bytes JMP 000007fefd1801b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\MSCTF.dll!TF_Notify 000007feff331c78 14 bytes [48, B8, C8, A9, 01, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007fefd22d871 14 bytes [B8, 28, 94, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd246d10 18 bytes JMP 000007fefd180228 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\ole32.dll!CoGetClassObject + 1 000007fefd2524f9 14 bytes [B8, 98, 94, 01, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd25b4f0 7 bytes JMP 000007fefd180260 .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\SAMCLI.DLL!NetUserSetInfo + 1 000007fefaa868bd 1 byte [B8] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\SAMCLI.DLL!NetUserSetInfo + 3 000007fefaa868bf 12 bytes [26, 01, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Mozilla Firefox\firefox.exe[5080] C:\Windows\system32\SAMCLI.DLL!NetUserChangePassword 000007fefaa87e18 15 bytes [48, B8, 7C, 27, 01, 00, 00, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtClose + 1 000000007732f9f1 3 bytes [0B, 1D, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtClose + 5 000000007732f9f5 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 1 000000007732fc61 3 bytes [45, 1D, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007732fc65 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 1 0000000077330049 3 bytes [88, 11, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory + 5 000000007733004d 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 1 00000000773300c5 3 bytes [08, 1A, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000773300c9 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 1 0000000077330399 3 bytes [68, 1C, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcAcceptConnectPort + 5 000000007733039d 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 1 00000000773303c9 3 bytes [96, 19, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 5 00000000773303cd 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 1 00000000773303e1 3 bytes [E0, 1B, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 5 00000000773303e5 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 1 0000000077330561 3 bytes [34, 1D, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 5 0000000077330565 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 1 00000000773306a5 3 bytes [E2, 19, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 5 00000000773306a9 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 1 00000000773318d1 3 bytes [BC, 19, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtSecureConnectPort + 5 00000000773318d5 2 bytes [50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 000000007734c0f0 7 bytes [B8, 3D, 77, 19, 00, 50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007734c99d 8 bytes [B8, 6F, 84, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000072855160 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 00000000728557a0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d91409 7 bytes JMP 00000000728553b0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea5d 7 bytes JMP 0000000072855150 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e290c4 7 bytes JMP 0000000072854780 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e29149 5 bytes JMP 0000000072854960 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2949f 5 bytes JMP 0000000072854790 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000769e1e4c 5 bytes JMP 00000000728546a0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000769e1efa 5 bytes JMP 00000000728545b0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000769e2bdc 5 bytes JMP 0000000072854970 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000769e2e7e 5 bytes JMP 00000000728542a0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007565e74f 5 bytes JMP 00000000728538b0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007565e989 5 bytes JMP 00000000728538c0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075ba78e2 8 bytes [B8, EB, 1D, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075ba7bd3 8 bytes [B8, A3, 1D, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075ba8332 7 bytes [B8, DD, 18, 19, 00, 50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!RegisterClassW + 237 0000000075ba8b52 8 bytes [B8, E6, 5B, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bb05d2 11 bytes [B8, 7E, 1E, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075bb2797 11 bytes [B8, 1E, 78, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075bb4713 7 bytes [B8, 71, 77, 19, 00, 50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 1 0000000075bb47e6 3 bytes [CB, 78, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 5 0000000075bb47ea 5 bytes [50, C3, 90, 90, 90] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bb5645 5 bytes JMP 0000000072854220 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bb7044 11 bytes [B8, 33, 1E, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075bb71e0 7 bytes [B8, B7, 18, 19, 00, 50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bb7355 12 bytes [B8, 6C, 79, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!ScrollWindowEx + 84 0000000075bce67f 8 bytes [B8, 0A, 74, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bcf631 5 bytes JMP 0000000072854290 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bf0867 5 bytes JMP 00000000728535b0 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetRawInputBuffer 0000000075bf8208 11 bytes [B8, CA, 56, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c07af4 5 bytes JMP 0000000072854200 .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetRawInputData + 1 0000000075c08408 3 bytes [2D, 56, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!GetRawInputData + 5 0000000075c0840c 5 bytes [50, C3, 90, 90, 90] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!EndTask + 1 0000000075c0a887 3 bytes [4F, 19, 19] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\USER32.dll!EndTask + 5 0000000075c0a88b 5 bytes [50, C3, 90, 90, 90] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\MSCTF.dll!TF_Notify 0000000074ed3a1d 7 bytes [B8, 37, 74, 19, 00, 50, C3] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000728f1003 2 bytes [8F, 72] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000728f1016 2 bytes [8F, 72] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\ole32.dll!CoGetClassObject 000000007579546d 10 bytes [B8, 50, 6A, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000757a9cbb 8 bytes [B8, BD, 87, 19, 00, 50, C3, ...] .text C:\Pobrane\rnvgpgzt.exe[2756] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000757a9cfe 9 bytes [B8, 2A, 6A, 19, 00, 50, C3, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IofCompleteRequest] [fffff880044e5000] \??\C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [.text] ---- EOF - GMER 2.2 ----