GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-20 17:18:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 698,64GB Running: twi9v4un.exe; Driver: C:\Users\UZDA\AppData\Local\Temp\uwldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010043091c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100430048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001004302ee .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001004304b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001004309fe .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100430ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010043012a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100430758 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100430676 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001004303d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100430594 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010043083a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010043020c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100430f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100440210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100440048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88b3a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100430ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001004403d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010044012c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001004402f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1264] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100430e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001001d091c .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001001d0048 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001001d02ee .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001001d04b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001001d09fe .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001001d0ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001001d012a .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001001d0758 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001001d0676 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001001d03d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001001d0594 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001001d083a .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001001d020c .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001001d0f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100260210 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100260048 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8895a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001001d0ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002603d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010026012c .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002602f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1372] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001001d0e6e .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010029059e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8898a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef974dc88 5 bytes JMP 000007fff95400d8 .text C:\Windows\system32\Dwm.exe[1664] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef974de10 5 bytes JMP 000007fff9540110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010038091c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100380048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001003802ee .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001003804b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001003809fe .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100380ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010038012a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100380758 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100380676 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001003803d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100380594 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010038083a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010038020c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001003a04bc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100380f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001003a0210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001003a0048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88a9a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100380ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001003a03d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001003a012c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001003a02f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100380e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010029059e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8898a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001001f091c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001001f0048 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001001f02ee .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001001f04b2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001001f09fe .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001001f0ae0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010003004c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001001f012a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001001f0758 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001001f0676 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001001f03d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001001f0594 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001001f083a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001001f020c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010020059e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001001f0f52 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100200210 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100200048 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff888fa9d1} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001001f0ca6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002003d8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010020012c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002002f4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001001f0e6e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010014091c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100140048 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001001402ee .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001001404b2 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001001409fe .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100140ae0 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010014012a .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100140758 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100140676 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001001403d0 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100140594 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010014083a .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010014020c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010015059e .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100140f52 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100150210 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100150048 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8884a9d1} .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100140ca6 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001001503d8 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010015012c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001001502f4 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100140e6e .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001000e091c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001000e0048 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001000e02ee .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001000e04b2 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001000e09fe .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001000e0ae0 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001000e012a .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001000e0758 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001000e0676 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001000e03d0 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001000e0594 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001000e083a .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001000e020c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001000f059e .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001000e0f52 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001000f0210 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001000f0048 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff887ea9d1} .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001000e0ca6 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001000f03d8 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001000f012c .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001000f02f4 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001000e0e6e .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Windows\system32\taskeng.exe[2532] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2700] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[2948] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Windows\System32\igfxpers.exe[3052] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[2128] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a5efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a899b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a994d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a99640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077aba500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9b0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef974dc88 5 bytes JMP 000007fff97200d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2888] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef974de10 5 bytes JMP 000007fff9720110 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010030091c .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100300048 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001003002ee .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001003004b2 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001003009fe .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100300ae0 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010030012a .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100300758 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100300676 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001003003d0 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100300594 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010030083a .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010030020c .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010031059e .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100300f52 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100310210 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100310048 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88a0a9d1} .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100300ca6 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001003103d8 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010031012c .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001003102f4 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100300e6e .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001005b091c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001005b0048 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001005b02ee .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001005b04b2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001005b09fe .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001005b0ae0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010059004c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001005b012a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001005b0758 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001005b0676 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001005b03d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001005b0594 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001005b083a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001005b020c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001005b0f52 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100990210 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100990048 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8908a9d1} .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001005b0ca6 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001009903d8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010099012c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001009902f4 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001005b0e6e .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010099059e .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9d3460 7 bytes JMP 000007fffd9c00d8 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9d9940 6 bytes JMP 000007fffd9c0148 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9d9fb0 5 bytes JMP 000007fffd9c0180 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9da150 5 bytes JMP 000007fffd9c0110 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff6d7490 11 bytes JMP 000007fffd9c0228 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff6ebf00 7 bytes JMP 000007fffd9c0260 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffdc89e0 8 bytes JMP 000007fffd9c01f0 .text C:\Windows\system32\wbem\unsecapp.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffdcbe40 8 bytes JMP 000007fffd9c01b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001002904bc .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8898a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010021091c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100210048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001002102ee .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001002104b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001002109fe .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100210ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010021012a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100210758 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100210676 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001002103d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100210594 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010021083a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010021020c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001002a04bc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100210f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001002a0210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001002a0048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8899a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100210ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002a03d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001002a012c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002a02f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100210e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001002904bc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8898a9d1} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100280e6e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe[4388] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075ec549c 5 bytes JMP 00000001002f0800 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010011059e .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Steam\Steam.exe[5420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010009091c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100090048 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001000902ee .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001000904b2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001000909fe .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100090ae0 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010009012a .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100090758 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100090676 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001000903d0 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100090594 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010009083a .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010009020c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075ec549c 5 bytes JMP 0000000100280800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 000000010012059e .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100090f52 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100120210 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100120048 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8881a9d1} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100090ca6 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001001203d8 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010012012c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001001202f4 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100090e6e .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001000a091c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001000a0048 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001000a02ee .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001000a04b2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001000a09fe .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001000a0ae0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010003004c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001000a012a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001000a0758 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001000a0676 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001000a03d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001000a0594 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001000a083a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001000a020c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001001a0762 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001000a0f52 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001001a0210 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001001a0048 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8889a9d1} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001000a0ca6 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001001a03d8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001001a012c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001001a02f4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1852] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001000a0e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010009091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100090048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001000902ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001000904b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001000909fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100090ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010009012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100090758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100090676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001000903d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100090594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010009083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010009020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001000a04bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100090f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001000a0210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001000a0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8879a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100090ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001000a03d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001000a012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001000a02f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100090e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3500] entry point in ".rdata" section 0000000071d471e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x114c628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x114c668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x114c5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x114c528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x114c728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x114c768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001012a091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x114c6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x114c6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x114c468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001012a0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x114c4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001012a02ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001012a04b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001012a09fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001012a0ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010120004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x114c428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001012a012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001012a0758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001012a0676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001012a03d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x114c5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x114c568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x114c4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001012a0594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001012a083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001012a020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001012b04bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001012a0f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001012b0210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001012b0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff899aa9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001012a0ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001012b03d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001012b012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001012b02f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001012a0e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x700628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x700668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x7005a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x700528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x700728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x700768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001007e091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x7006e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x7006a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x700468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001007e0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x7004a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001007e02ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001007e04b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001007e09fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001007e0ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 00000001007c004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x700428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001007e012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001007e0758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001007e0676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001007e03d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x7005e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x700568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x7004e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001007e0594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001007e083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001007e020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001007f04bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001007e0f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001007f0210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001007f0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88eea9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001007e0ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001007f03d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001007f012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001007f02f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001007e0e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x86ba28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x86ba68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x86b9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x86b928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x86bb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x86bb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001008d091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x86bae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x86baa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x86b868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001008d0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x86b8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001008d02ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001008d04b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001008d09fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001008d0ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 00000001008b004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x86b828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001008d012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001008d0758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001008d0676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001008d03d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x86b9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x86b968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x86b8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001008d0594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001008d083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001008d020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001009a04bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001008d0f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001009a0210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001009a0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8909a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001008d0ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001009a03d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001009a012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001009a02f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001008d0e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x4ce628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x4ce668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x4ce5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x4ce528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x4ce728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x4ce768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010071091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x4ce6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x4ce6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x4ce468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100710048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x4ce4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001007102ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001007104b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001007109fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100710ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 00000001006f004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x4ce428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010071012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100710758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100710676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001007103d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x4ce5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x4ce568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x4ce4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100710594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010071083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010071020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001007204bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100710f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100720210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100720048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88e1a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100710ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001007203d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010072012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001007202f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100710e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x2c4628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x2c4668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x2c45a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x2c4528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x2c4728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x2c4768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001003a091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x2c46e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x2c46a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x2c4468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001003a0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x2c44a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001003a02ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001003a04b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001003a09fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001003a0ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010038004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x2c4428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001003a012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001003a0758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001003a0676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001003a03d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x2c45e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x2c4568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x2c44e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001003a0594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001003a083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001003a020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001003b04bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001003a0f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 00000001003b0210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 00000001003b0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88aaa9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001003a0ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001003b03d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 00000001003b012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001003b02f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001003a0e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0xb29628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0xb29668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0xb295a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0xb29528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0xb29728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0xb29768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 0000000100c0091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0xb296e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0xb296a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0xb29468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100c00048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0xb294a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 0000000100c002ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 0000000100c004b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 0000000100c009fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100c00ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 0000000100be004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0xb29428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 0000000100c0012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100c00758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100c00676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 0000000100c003d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0xb295e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0xb29568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0xb294e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100c00594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 0000000100c0083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 0000000100c0020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 0000000100c104bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100c00f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100c10210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100c10048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8930a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100c00ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 0000000100c103d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 0000000100c1012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 0000000100c102f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100c00e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0xa21228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0xa21268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0xa211a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0xa21128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0xa21328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0xa21368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 0000000100b0091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0xa212e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0xa212a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0xa21068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100b00048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0xa210a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 0000000100b002ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 0000000100b004b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 0000000100b009fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100b00ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 0000000100ae004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0xa21028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 0000000100b0012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100b00758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100b00676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 0000000100b003d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0xa211e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0xa21168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0xa210e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100b00594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 0000000100b0083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 0000000100b0020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 0000000100b104bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100b00f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100b10210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100b10048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8920a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100b00ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 0000000100b103d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 0000000100b1012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 0000000100b102f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100b00e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x47c628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x47c668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x47c5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x47c528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x47c728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x47c768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 000000010061091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x47c6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x47c6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x47c468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100610048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x47c4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001006102ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001006104b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001006109fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100610ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010057004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x47c428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 000000010061012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100610758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100610676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001006103d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x47c5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x47c568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x47c4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100610594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 000000010061083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 000000010061020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001006204bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100610f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100620210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100620048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88d1a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100610ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001006203d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010062012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001006202f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100610e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 7 bytes {MOV EDX, 0x93ce28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0x93ce68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0x93cda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0x93cd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0x93cf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0x93cf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 0000000100b9091c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0x93cee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0x93cea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0x93cc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 0000000100b90048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0x93cca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 0000000100b902ee .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 0000000100b904b2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 0000000100b909fe .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 0000000100b90ae0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 0000000100a0004c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0x93cc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 0000000100b9012a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 0000000100b90758 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 0000000100b90676 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 0000000100b903d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0x93cde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0x93cd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0x93cce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 0000000100b90594 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 0000000100b9083a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 0000000100b9020c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 0000000100ba04bc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 0000000100b90f52 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100ba0210 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100ba0048 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff8929a9d1} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 0000000100b90ca6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 0000000100ba03d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 0000000100ba012c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 0000000100ba02f4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 0000000100b90e6e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d3fc90 5 bytes JMP 00000001004f091c .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077d3fdf4 5 bytes JMP 00000001004f0048 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077d3fe88 5 bytes JMP 00000001004f02ee .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d3ffe4 5 bytes JMP 00000001004f04b2 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d40018 5 bytes JMP 00000001004f09fe .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077d40048 5 bytes JMP 00000001004f0ae0 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d40064 5 bytes JMP 000000010002004c .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d4077c 5 bytes JMP 00000001004f012a .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d4086c 5 bytes JMP 00000001004f0758 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d40884 5 bytes JMP 00000001004f0676 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d40dd4 5 bytes JMP 00000001004f03d0 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d41900 5 bytes JMP 00000001004f0594 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d41bc4 5 bytes JMP 00000001004f083a .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077d41d50 5 bytes JMP 00000001004f020c .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076081429 7 bytes JMP 00000001731912ad .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007609b223 5 bytes JMP 00000001731915be .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000761188f4 7 bytes JMP 0000000173191357 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076118979 5 bytes JMP 00000001731916e0 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076118ccf 5 bytes JMP 0000000173191028 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075ec1d1b 5 bytes JMP 00000001731911ef .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075ec1dc9 5 bytes JMP 0000000173191023 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ec2aa4 5 bytes JMP 000000017319156e .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075ec2d0a 5 bytes JMP 0000000173191294 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007790524f 7 bytes JMP 00000001004f0f52 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000779053d0 7 bytes JMP 0000000100500210 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000077905677 1 byte JMP 0000000100500048 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000077905679 5 bytes {JMP 0xffffffff88bfa9d1} .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007790589a 7 bytes JMP 00000001004f0ca6 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000077905a1d 7 bytes JMP 00000001005003d8 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000077905c9b 7 bytes JMP 000000010050012c .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000077905d87 7 bytes JMP 00000001005002f4 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000077907240 7 bytes JMP 00000001004f0e6e .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c5e9a2 5 bytes JMP 00000001731915d7 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c5ebdc 5 bytes JMP 00000001731911b8 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b18a29 5 bytes JMP 0000000173191050 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b24572 5 bytes JMP 00000001731910d2 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b3cfca 5 bytes JMP 00000001732e4720 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075b61492 7 bytes JMP 00000001005004bc .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d65ea5 5 bytes JMP 0000000173191609 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d99d0b 5 bytes JMP 0000000173191249 .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075f01465 2 bytes [F0, 75] .text C:\Users\UZDA\Downloads\twi9v4un.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075f014bb 2 bytes [F0, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4392:4588] 000007fefbc32a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093710321 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 1105 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093710321 (not active ControlSet) ---- EOF - GMER 2.1 ----