GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-30 20:58:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: fd1864ih.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\kwrdipog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000760e87b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1976] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1976] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Windows\SysWOW64\lkcitdl.exe[1048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072841a22 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkcitdl.exe[1048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072841ad0 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkcitdl.exe[1048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072841b08 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkcitdl.exe[1048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072841bba 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkcitdl.exe[1048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072841bda 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkads.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072841a22 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkads.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072841ad0 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkads.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072841b08 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkads.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072841bba 2 bytes [84, 72] .text C:\Windows\SysWOW64\lkads.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072841bda 2 bytes [84, 72] .text C:\Windows\SysWOW64\lktsrv.exe[1956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072841a22 2 bytes [84, 72] .text C:\Windows\SysWOW64\lktsrv.exe[1956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072841ad0 2 bytes [84, 72] .text C:\Windows\SysWOW64\lktsrv.exe[1956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072841b08 2 bytes [84, 72] .text C:\Windows\SysWOW64\lktsrv.exe[1956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072841bba 2 bytes [84, 72] .text C:\Windows\SysWOW64\lktsrv.exe[1956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072841bda 2 bytes [84, 72] .text C:\Windows\SysWOW64\nisvcloc.exe[1436] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072841a22 2 bytes [84, 72] .text C:\Windows\SysWOW64\nisvcloc.exe[1436] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072841ad0 2 bytes [84, 72] .text C:\Windows\SysWOW64\nisvcloc.exe[1436] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072841b08 2 bytes [84, 72] .text C:\Windows\SysWOW64\nisvcloc.exe[1436] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072841bba 2 bytes [84, 72] .text C:\Windows\SysWOW64\nisvcloc.exe[1436] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072841bda 2 bytes [84, 72] .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef83d4da4 7 bytes JMP 000007fff83c00d8 .text C:\Windows\system32\Dwm.exe[2400] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef83f9af4 7 bytes JMP 000007fff83c0110 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Windows\System32\igfxpers.exe[2908] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2932] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[3024] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Users\Patryk\Local Settings\Apps\F.lux\flux.exe[2508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[2548] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[2736] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3000] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2980] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3948] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3480] entry point in ".rdata" section 000000006d5071e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x38ce28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x38ce68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x38cda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x38cd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x38cf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x38cf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x38cee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x38cea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x38cc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x38cca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x38cc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x38cde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x38cd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x38cce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x1062228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x1062268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x10621a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x1062128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x1062328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x1062368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x10622e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x10622a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x1062068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x10620a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x1062028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x10621e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x1062168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x10620e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x560e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x560e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x560da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x560d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x560f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x560f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x560ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x560ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x560c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x560ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x560c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x560de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x560d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x560ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x708a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x708a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x7089a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x708928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x708b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x708b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x708ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x708aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x708868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x7088a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x708828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x7089e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x708968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x7088e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x97aa28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x97aa68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x97a9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x97a928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x97ab28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x97ab68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x97aae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x97aaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x97a868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x97a8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x97a828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x97a9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x97a968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x97a8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x7cea28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x7cea68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x7ce9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x7ce928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x7ceb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x7ceb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x7ceae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x7ceaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x7ce868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x7ce8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x7ce828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x7ce9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x7ce968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x7ce8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0xd16228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0xd16268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0xd161a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0xd16128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0xd16328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0xd16368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0xd162e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0xd162a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0xd16068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0xd160a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0xd16028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0xd161e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0xd16168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0xd160e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x9abe28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x9abe68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x9abda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x9abd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x9abf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x9abf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x9abee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x9abea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x9abc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x9abca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x9abc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x9abde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x9abd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x9abce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b4f991 7 bytes {MOV EDX, 0x3e3a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b4fbd5 7 bytes {MOV EDX, 0x3e3a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b4fc05 7 bytes {MOV EDX, 0x3e39a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b4fc1d 7 bytes {MOV EDX, 0x3e3928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b4fc35 7 bytes {MOV EDX, 0x3e3b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b4fc65 7 bytes {MOV EDX, 0x3e3b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b4fce5 7 bytes {MOV EDX, 0x3e3ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b4fcfd 7 bytes {MOV EDX, 0x3e3aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b4fd49 7 bytes {MOV EDX, 0x3e3868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b4fe41 7 bytes {MOV EDX, 0x3e38a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b50099 7 bytes {MOV EDX, 0x3e3828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b510a5 7 bytes {MOV EDX, 0x3e39e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b5111d 7 bytes {MOV EDX, 0x3e3968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b51321 7 bytes {MOV EDX, 0x3e38e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077b01465 2 bytes [B0, 77] .text C:\Users\Patryk\Downloads\OTL.exe[1128] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000077b014bb 2 bytes [B0, 77] .text ... * 2 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe387490 11 bytes JMP 000007fffde50228 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe39bf00 7 bytes JMP 000007fffde50260 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Windows\system32\wuauclt.exe[2440] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[1968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Windows\system32\NOTEPAD.EXE[3108] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Windows\notepad.exe[4044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007786efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778999b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778a94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778a9640 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778ca500 7 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefde63460 7 bytes JMP 000007fffde500d8 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefde690b0 5 bytes JMP 000007fffde50180 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefde69250 5 bytes JMP 000007fffde50110 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefde6b7b0 6 bytes JMP 000007fffde50148 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6589e0 8 bytes JMP 000007fffde501f0 .text C:\Windows\notepad.exe[1816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff65be40 8 bytes JMP 000007fffde501b8 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000760f1429 7 bytes JMP 000000016e3a12ad .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007610b223 5 bytes JMP 000000016e3a15be .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761888f4 7 bytes JMP 000000016e3a1357 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076188979 5 bytes JMP 000000016e3a16e0 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076188ccf 5 bytes JMP 000000016e3a1028 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075671d1b 5 bytes JMP 000000016e3a11ef .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075671dc9 5 bytes JMP 000000016e3a1023 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075672aa4 5 bytes JMP 000000016e3a156e .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075672d0a 5 bytes JMP 000000016e3a1294 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fce9a2 5 bytes JMP 000000016e3a15d7 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fcebdc 5 bytes JMP 000000016e3a11b8 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076e48a29 5 bytes JMP 000000016e3a1050 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076e54572 5 bytes JMP 000000016e3a10d2 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075765ea5 5 bytes JMP 000000016e3a1609 .text C:\Users\Patryk\Downloads\fd1864ih.exe[4780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075799d0b 5 bytes JMP 000000016e3a1249 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1812:2716] 000007feebf29688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6036dd1130c2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6036dd1130c2 (not active ControlSet) ---- EOF - GMER 2.1 ----