GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-14 17:38:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547550A9E384 rev.JE3OA60A 465,76GB Running: b0zoxc3q.exe; Driver: C:\Users\Piotrek\AppData\Local\Temp\kfldapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[960] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077969020 4 bytes [C3, 00, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef854dc88 5 bytes JMP 000007fef83400d8 .text C:\Windows\system32\Dwm.exe[1736] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef854de10 5 bytes JMP 000007fef8340110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000733917fa 2 bytes CALL 75a611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073391860 2 bytes CALL 75a611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073391942 2 bytes JMP 75c46da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2120] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007339194d 2 bytes JMP 75c4e8de C:\Windows\syswow64\WS2_32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefda600d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefda60180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefda60110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefda60148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefda601f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefda601b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefda60228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2152] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefda60260 .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000733917fa 2 bytes CALL 75a611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073391860 2 bytes CALL 75a611a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073391942 2 bytes JMP 75c46da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007339194d 2 bytes JMP 75c4e8de C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000758c1401 2 bytes JMP 75a8b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000758c1419 2 bytes JMP 75a8b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000758c1431 2 bytes JMP 75b09149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000758c144a 2 bytes CALL 75a64885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000758c14dd 2 bytes JMP 75b08a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000758c14f5 2 bytes JMP 75b08c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000758c150d 2 bytes JMP 75b08938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000758c1525 2 bytes JMP 75b08d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000758c153d 2 bytes JMP 75a7fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000758c1555 2 bytes JMP 75a86907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000758c156d 2 bytes JMP 75b09201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000758c1585 2 bytes JMP 75b08d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000758c159d 2 bytes JMP 75b088fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000758c15b5 2 bytes JMP 75a7fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000758c15cd 2 bytes JMP 75a8b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000758c16b2 2 bytes JMP 75b090c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[2168] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000758c16bd 2 bytes JMP 75b08891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758c1401 2 bytes JMP 75a8b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758c1419 2 bytes JMP 75a8b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758c1431 2 bytes JMP 75b09149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758c144a 2 bytes CALL 75a64885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758c14dd 2 bytes JMP 75b08a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758c14f5 2 bytes JMP 75b08c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758c150d 2 bytes JMP 75b08938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758c1525 2 bytes JMP 75b08d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758c153d 2 bytes JMP 75a7fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758c1555 2 bytes JMP 75a86907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758c156d 2 bytes JMP 75b09201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758c1585 2 bytes JMP 75b08d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758c159d 2 bytes JMP 75b088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758c15b5 2 bytes JMP 75a7fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758c15cd 2 bytes JMP 75a8b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758c16b2 2 bytes JMP 75b090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758c16bd 2 bytes JMP 75b08891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Windows\system32\taskeng.exe[2536] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[2580] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1560] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Program Files\Elantech\ETDCtrl.exe[2052] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef22b2460 5 bytes JMP 000007fefdaa02d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3060] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef22e96b0 6 bytes JMP 000007fefdaa0298 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Windows\System32\igfxpers.exe[1156] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3324] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3332] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758c1401 2 bytes JMP 75a8b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758c1419 2 bytes JMP 75a8b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758c1431 2 bytes JMP 75b09149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758c144a 2 bytes CALL 75a64885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758c14dd 2 bytes JMP 75b08a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758c14f5 2 bytes JMP 75b08c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758c150d 2 bytes JMP 75b08938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758c1525 2 bytes JMP 75b08d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758c153d 2 bytes JMP 75a7fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758c1555 2 bytes JMP 75a86907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758c156d 2 bytes JMP 75b09201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758c1585 2 bytes JMP 75b08d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758c159d 2 bytes JMP 75b088fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758c15b5 2 bytes JMP 75a7fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758c15cd 2 bytes JMP 75a8b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758c16b2 2 bytes JMP 75b090c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\FluxSoftware\Flux\flux.exe[3436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758c16bd 2 bytes JMP 75b08891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdde6d10 11 bytes JMP 000007fefdaa0228 .text C:\Program Files\ShareX\ShareX.exe[3660] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefddfb4f0 7 bytes JMP 000007fefdaa0260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[3724] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3732] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758c1401 2 bytes JMP 75a8b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758c1419 2 bytes JMP 75a8b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758c1431 2 bytes JMP 75b09149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758c144a 2 bytes CALL 75a64885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758c14dd 2 bytes JMP 75b08a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758c14f5 2 bytes JMP 75b08c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758c150d 2 bytes JMP 75b08938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758c1525 2 bytes JMP 75b08d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758c153d 2 bytes JMP 75a7fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758c1555 2 bytes JMP 75a86907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758c156d 2 bytes JMP 75b09201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758c1585 2 bytes JMP 75b08d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758c159d 2 bytes JMP 75b088fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758c15b5 2 bytes JMP 75a7fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758c15cd 2 bytes JMP 75a8b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758c16b2 2 bytes JMP 75b090c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758c16bd 2 bytes JMP 75b08891 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758c1401 2 bytes JMP 75a8b233 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758c1419 2 bytes JMP 75a8b35e C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758c1431 2 bytes JMP 75b09149 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758c144a 2 bytes CALL 75a64885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758c14dd 2 bytes JMP 75b08a42 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758c14f5 2 bytes JMP 75b08c18 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758c150d 2 bytes JMP 75b08938 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758c1525 2 bytes JMP 75b08d02 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758c153d 2 bytes JMP 75a7fcc0 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758c1555 2 bytes JMP 75a86907 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758c156d 2 bytes JMP 75b09201 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758c1585 2 bytes JMP 75b08d62 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758c159d 2 bytes JMP 75b088fc C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758c15b5 2 bytes JMP 75a7fd59 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758c15cd 2 bytes JMP 75a8b2f4 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758c16b2 2 bytes JMP 75b090c4 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Taiga\Taiga.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758c16bd 2 bytes JMP 75b08891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c9710 5 bytes JMP 000000006fff0180 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9880 5 bytes JMP 000000006fff0110 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779e8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdab32f0 7 bytes JMP 000007fefdaa00d8 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdabaa60 5 bytes JMP 000007fefdaa0180 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdabac00 5 bytes JMP 000007fefdaa0110 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdac9ac0 5 bytes JMP 000007fefdaa0148 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffa38840 8 bytes JMP 000007fefdaa01f0 .text C:\Program Files\HexChat\hexchat.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffa3b9f0 8 bytes JMP 000007fefdaa01b8 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a71409 7 bytes JMP 00000000732312ad .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a8b233 5 bytes JMP 00000000732315be .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b090c4 7 bytes JMP 0000000073231357 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b09149 5 bytes JMP 00000000732316e0 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b0949f 5 bytes JMP 0000000073231028 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000732311ef .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 0000000073231023 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 000000007323156e .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 0000000073231294 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767ae757 5 bytes JMP 00000000732315d7 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767ae991 5 bytes JMP 00000000732311b8 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000073231050 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076535645 5 bytes JMP 00000000732310d2 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076625e75 5 bytes JMP 0000000073231609 .text E:\Chrome-pobrane\b0zoxc3q.exe[5200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076659cbb 5 bytes JMP 0000000073231249