GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-27 19:11:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5 ST1000DM003-1ER162 rev.CC45 931,51GB Running: kl7y2rdp.exe; Driver: C:\Users\kimi\AppData\Local\Temp\kxldqpod.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher 00000000770f0134 5 bytes JMP 00000000001b06c2 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000770ffb38 5 bytes JMP 00000000001b04a6 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000770ffc60 5 bytes JMP 00000000001b0398 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000770ffe24 5 bytes JMP 00000000001a0c02 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770fffb4 2 bytes JMP 00000000001b0070 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 3 00000000770fffb7 2 bytes [0B, 89] .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077100048 5 bytes JMP 00000000001a06c0 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771000c4 5 bytes JMP 00000000001b05b4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077100824 2 bytes JMP 00000000001a08dc .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess + 3 0000000077100827 2 bytes [0A, 89] .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000771008b4 5 bytes JMP 00000000001a09ea .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007710092c 5 bytes JMP 00000000001a05b2 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!RtlInitializeHandleTable + 432 00000000771222fd 7 bytes JMP 00000000001a07ce .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!RtlRemoveVectoredExceptionHandler + 572 0000000077154bbc 7 bytes JMP 00000000001a0f28 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\SysWOW64\ntdll.dll!RtlGetFrame + 245 000000007717f4df 7 bytes JMP 00000000001b017e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA + 568 0000000075221038 7 bytes JMP 00000000001805b2 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessW + 48 000000007522106d 7 bytes JMP 0000000000190288 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19 000000007522182d 7 bytes JMP 0000000000180396 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!DuplicateHandle + 102 00000000752218c8 7 bytes JMP 00000000001804a4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!MapViewOfFile + 19 00000000752218e0 7 bytes JMP 00000000001904a4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!ReadFile + 132 0000000075223f17 7 bytes JMP 000000000018017e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 0000000075224322 7 bytes JMP 00000000001808dc .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81 00000000752249f0 7 bytes JMP 0000000000180af4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateMutexA + 19 0000000075224c46 7 bytes JMP 0000000000180d10 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 0000000075225389 1 byte JMP 0000000000180e1e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 21 000000007522538b 5 bytes {JMP 0xffffffff8af5ba95} .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!FindNextFileW + 19 00000000752254c9 7 bytes JMP 0000000000190396 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!SetProcessPriorityBoost + 48 000000007523d9bb 7 bytes JMP 0000000000180f2c .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19 000000007523d9eb 7 bytes JMP 00000000001809e6 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 000000007523eba5 7 bytes JMP 000000000019017e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!SetMessageWaitingIndicator + 200 00000000752a31f4 7 bytes JMP 0000000000180c02 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!CreatePipe + 11 00000000752a48ae 7 bytes JMP 00000000001806c0 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[1344] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 00000000752a4d02 7 bytes JMP 0000000000190070 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2bdc 5 bytes JMP 0000000070b1b9fb .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2e7e 5 bytes JMP 0000000070b1ba65 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher 00000000770f0134 5 bytes JMP 00000000001706c2 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000770ffb38 5 bytes JMP 00000000001704a6 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000770ffc60 5 bytes JMP 0000000000170398 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000770ffe24 5 bytes JMP 0000000000160c02 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000770fffb4 2 bytes JMP 0000000000170070 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 3 00000000770fffb7 2 bytes [07, 89] .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077100048 5 bytes JMP 00000000001606c0 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000771000c4 5 bytes JMP 00000000001705b4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077100824 2 bytes JMP 00000000001608dc .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess + 3 0000000077100827 2 bytes [06, 89] .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000771008b4 5 bytes JMP 00000000001609ea .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007710092c 5 bytes JMP 00000000001605b2 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!RtlInitializeHandleTable + 432 00000000771222fd 7 bytes JMP 00000000001607ce .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!RtlRemoveVectoredExceptionHandler + 572 0000000077154bbc 7 bytes JMP 0000000000160f28 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\SysWOW64\ntdll.dll!RtlGetFrame + 245 000000007717f4df 7 bytes JMP 000000000017017e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA + 568 0000000075221038 7 bytes JMP 00000000001405b2 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!CreateProcessW + 48 000000007522106d 7 bytes JMP 0000000000150288 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19 000000007522182d 7 bytes JMP 0000000000140396 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!DuplicateHandle + 102 00000000752218c8 7 bytes JMP 00000000001404a4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!MapViewOfFile + 19 00000000752218e0 7 bytes JMP 00000000001504a4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!ReadFile + 132 0000000075223f17 7 bytes JMP 000000000014017e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 0000000075224322 7 bytes JMP 00000000001408dc .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81 00000000752249f0 7 bytes JMP 0000000000140af4 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!CreateMutexA + 19 0000000075224c46 7 bytes JMP 0000000000140d10 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 0000000075225389 1 byte JMP 0000000000140e1e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 21 000000007522538b 5 bytes {JMP 0xffffffff8af1ba95} .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!FindNextFileW + 19 00000000752254c9 7 bytes JMP 0000000000150396 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!SetProcessPriorityBoost + 48 000000007523d9bb 7 bytes JMP 0000000000140f2c .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19 000000007523d9eb 7 bytes JMP 00000000001409e6 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 000000007523eba5 7 bytes JMP 000000000015017e .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!SetMessageWaitingIndicator + 200 00000000752a31f4 7 bytes JMP 0000000000140c02 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!CreatePipe + 11 00000000752a48ae 7 bytes JMP 00000000001406c0 .text C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.8.1.14\NS.exe[2256] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 00000000752a4d02 7 bytes JMP 0000000000150070 .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Anti-Malware\mbamtray.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe[3880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075791401 2 bytes JMP 7524b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075791419 2 bytes JMP 7524b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075791431 2 bytes JMP 752c90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007579144a 2 bytes CALL 752248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757914dd 2 bytes JMP 752c89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757914f5 2 bytes JMP 752c8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007579150d 2 bytes JMP 752c88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075791525 2 bytes JMP 752c8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007579153d 2 bytes JMP 7523fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075791555 2 bytes JMP 75246937 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007579156d 2 bytes JMP 752c91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075791585 2 bytes JMP 752c8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007579159d 2 bytes JMP 752c88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757915b5 2 bytes JMP 7523fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757915cd 2 bytes JMP 7524b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757916b2 2 bytes JMP 752c906c C:\Windows\syswow64\kernel32.dll .text C:\Users\kimi\Downloads\kl7y2rdp.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757916bd 2 bytes JMP 752c8839 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.2 ----