GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-08 16:23:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: ebie7o47.exe; Driver: C:\Users\Asus\AppData\Local\Temp\kftcqaoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1860] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef98e2460 5 bytes JMP 000007fefd0102d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1880] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef99196b0 6 bytes JMP 000007fefd010298 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef98e2460 5 bytes JMP 000007fefd0102d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2068] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef99196b0 6 bytes JMP 000007fefd010298 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2248] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2376] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2556] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2596] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef7b0dc88 5 bytes JMP 000007fef79000d8 .text C:\Windows\system32\Dwm.exe[2704] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7b0de10 5 bytes JMP 000007fef7900110 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Windows\system32\taskeng.exe[2932] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2608] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\xampp\mysql\bin\mysqld-nt.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4744] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefcff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefcff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefcff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefcff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 8 bytes JMP 000007fefcff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4760] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 8 bytes JMP 000007fefcff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4948] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefd010180 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefd0100d8 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefd010148 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefd010110 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 3 bytes JMP 000007fefd0101f0 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007feff4889d4 4 bytes [FD, CC, CC, CC] .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 3 bytes JMP 000007fefd0101b8 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007feff48be44 4 bytes [FD, CC, CC, CC] .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefd010228 .text C:\Windows\System32\igfxpers.exe[3584] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefd010260 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[5144] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefcff0180 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefcff00d8 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefcff0148 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefcff0110 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 8 bytes JMP 000007fefcff01f0 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 8 bytes JMP 000007fefcff01b8 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefcff0228 .text C:\Windows\WindowsMobile\wmdc.exe[5328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefcff0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefcff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefcff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefcff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefcff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 8 bytes JMP 000007fefcff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 8 bytes JMP 000007fefcff01b8 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000770ca400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000770d3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000770effe0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000770ff390 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077129ae0 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077139570 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077158890 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd022db0 5 bytes JMP 000007fefcff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd023700 7 bytes JMP 000007fefcff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd029140 5 bytes JMP 000007fefcff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd02a2b0 5 bytes JMP 000007fefcff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3374a0 11 bytes JMP 000007fefcff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe34bf10 7 bytes JMP 000007fefcff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff4889d0 8 bytes JMP 000007fefcff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff48be40 8 bytes JMP 000007fefcff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef98e2460 5 bytes JMP 000007fefcff02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5784] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef99196b0 6 bytes JMP 000007fefcff0298 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5900] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[5932] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[5948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5208] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076321401 2 bytes JMP 74e1b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076321419 2 bytes JMP 74e1b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076321431 2 bytes JMP 74e99011 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007632144a 2 bytes CALL 74df48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763214dd 2 bytes JMP 74e9890a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763214f5 2 bytes JMP 74e98ae0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007632150d 2 bytes JMP 74e98800 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076321525 2 bytes JMP 74e98bca C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007632153d 2 bytes JMP 74e0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076321555 2 bytes JMP 74e16907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007632156d 2 bytes JMP 74e990c9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076321585 2 bytes JMP 74e98c2a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007632159d 2 bytes JMP 74e987c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763215b5 2 bytes JMP 74e0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763215cd 2 bytes JMP 74e1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763216b2 2 bytes JMP 74e98f8c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[5832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763216bd 2 bytes JMP 74e98759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe[1180] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076336143 5 bytes JMP 00000000650ed938 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076345ea5 5 bytes JMP 0000000072603a00 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076379d0b 5 bytes JMP 0000000072603990 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076b19ebd 5 bytes JMP 0000000064987c95 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000076b20afa 5 bytes JMP 000000006498beca .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076b21361 5 bytes JMP 000000006499bf39 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000076b27849 5 bytes JMP 0000000064b80825 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074fa3e59 5 bytes JMP 00000000649c40b4 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074fa3eae 5 bytes JMP 00000000649d3f22 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074fa4731 5 bytes JMP 00000000649df0d3 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074fa5dee 5 bytes JMP 0000000064a6dcd2 .text C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[6328] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075757ea3 5 bytes JMP 0000000064a61a8d .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074df1f0e 7 bytes JMP 0000000072604b10 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074df5bad 7 bytes JMP 00000000726054b0 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074e01409 7 bytes JMP 0000000072604e50 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074e0ea5d 7 bytes JMP 0000000072604b00 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074e98f8c 7 bytes JMP 00000000726045c0 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074e99011 5 bytes JMP 0000000072604670 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074e99367 5 bytes JMP 00000000726045d0 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074da1e3d 5 bytes JMP 0000000072604580 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074da1eeb 5 bytes JMP 0000000072604540 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074da2bcd 5 bytes JMP 0000000072604680 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074da2e7f 5 bytes JMP 0000000072604360 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007514d2b4 5 bytes JMP 0000000072603b60 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007514d4ee 5 bytes JMP 0000000072603b80 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b18a29 5 bytes JMP 0000000072603a40 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076b24572 5 bytes JMP 00000000726042e0 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076b3e567 5 bytes JMP 0000000072604350 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076b607d7 5 bytes JMP 0000000072603850 .text C:\Users\Asus\Downloads\ebie7o47.exe[8580] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076b77a5c 5 bytes JMP 00000000726042d0 ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [8188:5680] 000007fee7315040 Thread C:\Windows\System32\svchost.exe [8188:6388] 000007fee9df9688 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\94dbc9ab3d29 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\94dbc9ab3d29 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{999AB938-1DB4-06A0-4FBA-A4FEA911C0DC} Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=59B91 \xa0\KeyFinderInstaller.exe 1 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----