GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-30 17:29:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 KINGSTON rev.603A 223,57GB Running: rib7j4io.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\aftcaaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcf74a0 11 bytes JMP 000007fefd290228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdd0bf10 7 bytes JMP 000007fefd290260 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd230180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd230110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [F8, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd230148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4396] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2301b8 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fefb27dc88 5 bytes JMP 000007fefb2500d8 .text C:\Windows\system32\Dwm.exe[5112] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fefb27de10 5 bytes JMP 000007fefb250110 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcf74a0 11 bytes JMP 000007fefd290228 .text C:\Program Files\DellTPad\Apoint.exe[1220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdd0bf10 7 bytes JMP 000007fefd290260 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcf74a0 11 bytes JMP 000007fefd290228 .text C:\Program Files\IDT\WDM\sttray64.exe[4336] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdd0bf10 7 bytes JMP 000007fefd290260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[1644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcf74a0 11 bytes JMP 000007fefd290228 .text C:\Windows\System32\igfxpers.exe[4464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdd0bf10 7 bytes JMP 000007fefd290260 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Program Files\DellTPad\HidFind.exe[4668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Program Files\DellTPad\Apntex.exe[4676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000729f11a8 2 bytes [9F, 72] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000729f127d 2 bytes CALL 754714b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000729f1310 2 bytes CALL 754714b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000729f13a8 2 bytes [9F, 72] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000729f1422 2 bytes [9F, 72] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4752] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000729f1498 2 bytes [9F, 72] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4488] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075478769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3092] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[3284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3200] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcf74a0 11 bytes JMP 000007fefd290228 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdd0bf10 7 bytes JMP 000007fefd290260 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Windows\system32\wbem\unsecapp.exe[2416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[2644] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ca460 7 bytes JMP 000000006fff0260 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771d3f80 5 bytes JMP 000000006fff01b8 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771effa0 5 bytes JMP 000000006fff01f0 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ff330 5 bytes JMP 000000006fff0148 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077229a80 7 bytes JMP 000000006fff00d8 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077239510 5 bytes JMP 000000006fff0180 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077239680 5 bytes JMP 000000006fff0110 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077258830 7 bytes JMP 000000006fff0228 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd2a2db0 5 bytes JMP 000007fefd290180 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2a37d0 7 bytes JMP 000007fefd2900d8 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd2aa410 2 bytes JMP 000007fefd290110 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd2aa413 2 bytes [FE, FF] .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd2aaec0 6 bytes JMP 000007fefd290148 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4b89d0 8 bytes JMP 000007fefd2901f0 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4bbe40 8 bytes JMP 000007fefd2901b8 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdcf74a0 11 bytes JMP 000007fefd290228 .text C:\Windows\splwow64.exe[3788] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdd0bf10 7 bytes JMP 000007fefd290260 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE[5408] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[5848] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\ole32.DLL!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5492] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\ole32.DLL!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5896] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076101401 2 bytes JMP 7549b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076101419 2 bytes JMP 7549b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076101431 2 bytes JMP 75518f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007610144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761014dd 2 bytes JMP 75518832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761014f5 2 bytes JMP 75518a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007610150d 2 bytes JMP 75518728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076101525 2 bytes JMP 75518af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007610153d 2 bytes JMP 7548fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076101555 2 bytes JMP 754968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007610156d 2 bytes JMP 75518ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076101585 2 bytes JMP 75518b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007610159d 2 bytes JMP 755186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761015b5 2 bytes JMP 7548fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761015cd 2 bytes JMP 7549b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761016b2 2 bytes JMP 75518eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761016bd 2 bytes JMP 75518681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\ole32.DLL!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2092] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6800] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Windows\SysWOW64\ctfmon.exe[3316] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075471eee 7 bytes JMP 0000000072e1168b .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075475b85 7 bytes JMP 0000000072e111a4 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754813e1 7 bytes JMP 0000000072e11280 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007548ea35 7 bytes JMP 0000000072e1123a .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007549b20b 5 bytes JMP 0000000072e115a0 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075518eb4 7 bytes JMP 0000000072e1132f .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075518f39 5 bytes JMP 0000000072e116cc .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007551928f 5 bytes JMP 0000000072e11703 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000072e111bd .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000072e11014 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000072e1154b .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000072e11267 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076efd2b4 5 bytes JMP 0000000072e115b9 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076efd4ee 5 bytes JMP 0000000072e11181 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075588b9a 5 bytes JMP 0000000072e1171c .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075594c48 5 bytes JMP 0000000072e110a0 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075596bdc 5 bytes JMP 0000000072e1140b .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000755e7bec 5 bytes JMP 0000000072e115c8 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075d45ea5 5 bytes JMP 0000000072e115f0 .text C:\Users\Kuba\Downloads\rib7j4io.exe[588] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075d79d0b 5 bytes JMP 0000000072e11217 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8249239 Reg HKLM\SYSTEM\CurrentControlSet\services\ngvss\Parameters@asserts ???y??????*??_???g????????s??????????~???/?/???????/?????_?_?/???@?@?@?????/????????????????????????????? ?????????????/???????0?????????????????????????????????5???????????,???????????????????F??????????????? Z??/??????????s???DETECTEDInternal\ACPI_HAL?DETECTED\ACPI_HAL??????????????-?????????e? ???????????3??????-9???????????1??????49???????????0??????FF??????????wuauserv?gpsvc?trustedinstaller?????WPD?????????aswSP?????"??/???????e??AFD???????X?`????????????????3??????????????????????????????6.0?????????? ???????D??????x&??? ???????1??????y_???????????f?????????rbf???????%???6??????????r8??????????????????????????????????????????????r????????????/???????/????????????????????????????????????????????z??3????????????????`??/???/???/???/?/?????/?/?/?/?/?/?/?/?/?/?/?/#???JVC21BE16843009_00_07D6_AB*LGD02DA0_00_07DA_EE??_0????`??/???_??e3???????????&???????0???????????????????????/?????????????????? 2????????@?????