GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-10 16:58:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d Hitachi_ rev.JE3O 465,76GB Running: ol4lg0oy.exe; Driver: C:\Users\Kinia\AppData\Local\Temp\fwddapod.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000d5400 7 bytes [00, 5C, F3, FF, 41, 66, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000d5408 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000001153610 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f9b1003 2 bytes [9B, 6F] .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f9b1016 2 bytes [9B, 6F] .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Roaming\Dropbox\bin\Dropbox.exe[2580] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f9b1003 2 bytes [9B, 6F] .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f9b1016 2 bytes [9B, 6F] .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2884] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f9b1003 2 bytes [9B, 6F] .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f9b1016 2 bytes [9B, 6F] .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6700] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3776] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074da1401 2 bytes JMP 750ab21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074da1419 2 bytes JMP 750ab346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074da1431 2 bytes JMP 75128fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074da144a 2 bytes CALL 7508489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074da14dd 2 bytes JMP 751288c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074da14f5 2 bytes JMP 75128aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074da150d 2 bytes JMP 751287ba C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074da1525 2 bytes JMP 75128b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074da153d 2 bytes JMP 7509fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074da1555 2 bytes JMP 750a68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074da156d 2 bytes JMP 75129089 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074da1585 2 bytes JMP 75128bea C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074da159d 2 bytes JMP 7512877e C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074da15b5 2 bytes JMP 7509fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074da15cd 2 bytes JMP 750ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074da16b2 2 bytes JMP 75128f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074da16bd 2 bytes JMP 75128713 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Users\Kinia\AppData\Local\Akamai\netsession_win.exe[3920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075698a29 5 bytes JMP 0000000070342b20 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\OLE32.dll!CoSetProxyBlanket 00000000752c5ea5 5 bytes JMP 0000000070342ae0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Windows\syswow64\OLE32.dll!CoCreateInstance 00000000752f9d0b 5 bytes JMP 0000000070342a70 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f9b1003 2 bytes [9B, 6F] .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5604] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f9b1016 2 bytes [9B, 6F] .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075081efe 7 bytes JMP 0000000070343c50 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075085b9d 7 bytes JMP 0000000070344290 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000750913f9 7 bytes JMP 0000000070343ea0 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007509ea45 7 bytes JMP 0000000070343c40 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075128f4c 7 bytes JMP 00000000703436c0 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075128fd1 5 bytes JMP 0000000070343770 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075129327 5 bytes JMP 00000000703436d0 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000754d1d29 5 bytes JMP 0000000070343680 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000754d1dd7 5 bytes JMP 0000000070343640 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000754d2ab1 5 bytes JMP 0000000070343780 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000754d2d1d 5 bytes JMP 0000000070343480 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074dcd2b4 5 bytes JMP 0000000070342c60 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074dcd4ee 5 bytes JMP 0000000070342c70 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756a4572 5 bytes JMP 0000000070343400 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756be567 5 bytes JMP 0000000070343470 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000756e07d7 5 bytes JMP 0000000070342960 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000756f7a5c 5 bytes JMP 00000000703433e0 .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f9b1003 2 bytes [9B, 6F] .text C:\Users\Kinia\Desktop\ol4lg0oy.exe[6512] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f9b1016 2 bytes [9B, 6F] ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [2136:5860] 000007feed625040 Thread C:\Windows\System32\svchost.exe [2136:5888] 000007fef4219688 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68ae2aef Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68ae2aef (not active ControlSet) ---- EOF - GMER 2.2 ----