GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-17 16:06:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007c Crucial_ rev.MU01 238,47GB Running: pl2tplhk.exe; Driver: C:\Users\12alfa\AppData\Local\Temp\uxtdapod.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 75b6b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 75b6b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 75be9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 75b44885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 75be8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 75be8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 75be8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 75be8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 75b5fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 75b66907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 75be9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 75be8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 75be88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 75b5fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 75b6b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 75be90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe[1596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 75be8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1732] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 75b6b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 75b6b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 75be9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 75b44885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 75be8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 75be8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 75be8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 75be8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 75b5fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 75b66907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 75be9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 75be8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 75be88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 75b5fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 75b6b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 75be90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2520] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 75be8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskhost.exe[4028] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\taskhost.exe[4028] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\taskhost.exe[4028] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\taskhost.exe[4028] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4036] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4364] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c230aa 7 bytes JMP 0000000000930095 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c268f0 7 bytes JMP 000000000093002d .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c26e5a 7 bytes JMP 00000000009300c9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\WS2_32.dll!WSASetEvent + 43 0000000076c2bcd0 7 bytes JMP 0000000000930061 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 75b6b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 75b6b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 75be9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 75b44885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 75be8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 75be8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 75be8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 75be8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 75b5fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 75b66907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 75be9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 75be8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 75be88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 75b5fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 75b6b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 75be90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 75be8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\WS2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4896] C:\Windows\system32\WS2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcd800d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcd80180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcd80110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcd80148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcd801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcd801b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7212460 5 bytes JMP 000007fefcd802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5084] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef72496b0 6 bytes JMP 000007fefcd80298 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\taskeng.exe[2668] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, DE, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, DE, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, DE, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, DE, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, DE, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, DE, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, DD, EE, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c230aa 7 bytes JMP 0000000000170095 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c268f0 7 bytes JMP 000000000017002d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c26e5a 7 bytes JMP 00000000001700c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\WS2_32.dll!WSASetEvent + 43 0000000076c2bcd0 7 bytes JMP 0000000000170061 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[1628] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 8E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 8E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 8E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 8E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 8E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 8E, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 8D, EF, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4540] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[3244] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 9E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 9E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 9E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 9E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 9E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 9E, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 9D, F7, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 75b6b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 75b6b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 75be9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 75b44885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 75be8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 75be8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 75be8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 75be8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 75b5fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 75b66907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 75be9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 75be8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 75be88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 75b5fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 75b6b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 75be90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 75be8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\WS2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe[2552] C:\Windows\system32\WS2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef447dc88 5 bytes JMP 000007fef44500d8 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef447de10 5 bytes JMP 000007fef4450110 .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\Dwm.exe[5216] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Windows\Explorer.EXE[5248] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\Explorer.EXE[5248] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\Explorer.EXE[5248] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\Explorer.EXE[5248] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 2E, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 2E, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 2E, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 2E, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 2E, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 2E, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 2D, F5, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\ProgramData\DatacardService\DCSHelper.exe[5336] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\igfxHK.exe[5412] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Windows\system32\igfxTray.exe[5424] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\igfxTray.exe[5424] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\igfxTray.exe[5424] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\igfxTray.exe[5424] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\igfxEM.exe[5548] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcd200d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcd20180 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcd20110 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcd20148 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcd201f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcd201b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcd20228 .text C:\Program Files\Windows Sidebar\sidebar.exe[5612] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcd20260 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, FE, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, FE, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, FE, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, FE, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, FE, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, FE, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, FD, F1, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c230aa 7 bytes JMP 0000000000be0095 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c268f0 7 bytes JMP 0000000000be002d .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c26e5a 7 bytes JMP 0000000000be00c9 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe[5792] C:\Windows\syswow64\WS2_32.dll!WSASetEvent + 43 0000000076c2bcd0 7 bytes JMP 0000000000be0061 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 7E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 7E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 7E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 7E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 7E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 7E, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 7D, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4452] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[4452] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6204] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dda3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076de3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076dfffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e49710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e68ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5880] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 3D, EA, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4532] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 4E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 4E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 4E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 4E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 4E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 4E, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 4D, F5, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 5E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 5E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 5E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 5E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 5E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 5E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 5D, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5520] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe[6768] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000770efab8 5 bytes JMP 000000005f342f50 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe[6768] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770f0048 5 bytes JMP 000000005f342f10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 3E, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 3D, EA, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe[5696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf232f0 7 bytes JMP 000007fefcf100d8 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf2aa60 5 bytes JMP 000007fefcf10180 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf2ac00 5 bytes JMP 000007fefcf10110 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf39ac0 5 bytes JMP 000007fefcf10148 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd626d10 11 bytes JMP 000007fefcf10228 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63b4f0 7 bytes JMP 000007fefcf10260 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd588840 8 bytes JMP 000007fefcf101f0 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd58b9f0 8 bytes JMP 000007fefcf101b8 .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\ws2_32.dll!connect + 1 000007fefd1d42f1 5 bytes {JMP QWORD [RIP-0x7fef42be]} .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\ws2_32.dll!getsockname 000007fefd1d9150 6 bytes {JMP QWORD [RIP-0x7fed90e6]} .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\ws2_32.dll!WSAConnect 000007fefd1fe080 6 bytes {JMP QWORD [RIP-0x7fefe04e]} .text C:\Windows\system32\wuauclt.exe[5856] C:\Windows\system32\ws2_32.dll!getpeername 000007fefd1fe3e0 6 bytes {JMP QWORD [RIP-0x7fefe33e]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 4E, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 4E, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 4E, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 4E, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 4E, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 4E, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 4D, EF, 7E, 00, 00, 00, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\ProgramData\DatacardService\DCSHelper.exe[1696] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, EE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, EE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, EE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, EE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, EE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, EE, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, ED, EC, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\OLE32.dll!CoSetProxyBlanket 0000000076565e75 5 bytes JMP 000000006aba2950 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\OLE32.dll!CoCreateInstance 0000000076599cbb 5 bytes JMP 000000006aba28e0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\WS2_32.DLL!ioctlsocket + 38 0000000076c230aa 7 bytes JMP 00000000003d0095 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\WS2_32.DLL!recv + 202 0000000076c268f0 7 bytes JMP 00000000003d002d .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\WS2_32.DLL!WSARecv + 185 0000000076c26e5a 7 bytes JMP 00000000003d00c9 .text C:\Program Files (x86)\PLAY INTERNET\PLAY INTERNET.exe[4188] C:\Windows\syswow64\WS2_32.DLL!WSASetEvent + 43 0000000076c2bcd0 7 bytes JMP 00000000003d0061 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 4E, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 4E, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 4E, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 4E, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 4E, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 4E, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 4D, F0, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 0E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 0E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes {XOR [RSI], CL; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes {AND [RSI], CL; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes {ADC [RSI], CL; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes {ADD [RSI], CL; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 0D, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7572] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 6E, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 6E, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 6E, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 6E, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 6E, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 6E, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 6D, F2, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes {PUSH RAX; POP RSI; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes {POP RSI; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 5E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 5E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 5E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 5E, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes {POP RBP; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7944] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes {PUSH RAX; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes {JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes {XOR [RSI], CH; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes {AND [RSI], CH; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes {ADC [RSI], CH; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes {ADD [RSI], CH; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 2D, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, AE, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, AE, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, AE, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, AE, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, AE, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, AE, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, AD, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 2E, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 2E, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes [30, 2E, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes [20, 2E, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes [10, 2E, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes [00, 2E, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 2D, EF, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7476] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076ef1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076ef12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076ef1434 8 bytes [50, 1E, E9, 7E, 00, 00, 00, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076ef17be 8 bytes [40, 1E, E9, 7E, 00, 00, 00, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076ef1a94 8 bytes {XOR [RSI], BL; JMP 0x85} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076ef1c15 8 bytes {AND [RSI], BL; JMP 0x85} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076ef1d7f 8 bytes {ADC [RSI], BL; JMP 0x85} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076ef1e65 8 bytes {ADD [RSI], BL; JMP 0x85} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076ef20c8 8 bytes [F0, 1D, E9, 7E, 00, 00, 00, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076f3be00 8 bytes {JMP QWORD [RIP-0x4a1f1]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076f3bf80 8 bytes {JMP QWORD [RIP-0x4a207]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f3bfb0 8 bytes {JMP QWORD [RIP-0x4ab82]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f3c0d0 8 bytes {JMP QWORD [RIP-0x4a642]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076f3c180 8 bytes {JMP QWORD [RIP-0x4a9c8]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f3c7b0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f3ca00 8 bytes {JMP QWORD [RIP-0x4a93e]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f3d260 8 bytes {JMP QWORD [RIP-0x4b401]} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748e13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748e146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748e16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748e19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748e19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748e1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b41eee 7 bytes JMP 000000006aba3980 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b45b85 7 bytes JMP 000000006aba3fc0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b51409 7 bytes JMP 000000006aba3bd0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b5ea5d 7 bytes JMP 000000006aba3970 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075be90c4 7 bytes JMP 000000006aba34c0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075be9149 5 bytes JMP 000000006aba3570 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075be949f 5 bytes JMP 000000006aba34d0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c81e4c 5 bytes JMP 000000006aba3480 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c81efa 5 bytes JMP 000000006aba3440 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c82bdc 5 bytes JMP 000000006aba3580 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c82e7e 5 bytes JMP 000000006aba3290 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aee757 5 bytes JMP 000000006aba2ab0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aee991 5 bytes JMP 000000006aba2ac0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076208a29 5 bytes JMP 000000006aba2990 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076215645 5 bytes JMP 000000006aba3210 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007622f61f 5 bytes JMP 000000006aba3280 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076250867 5 bytes JMP 000000006aba27f0 .text C:\Users\12alfa\Downloads\pl2tplhk.exe[7940] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076267af4 5 bytes JMP 000000006aba31f0 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800370c964] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Devices - GMER 2.2 ---- Device \FileSystem\MBAMWebProtection \Device\StreamEitor fffff8800b619e1c ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [3860:6056] 000007fefa6a9688 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f81654306861 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f81654306861 Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\f81654306861 (not active ControlSet) ---- EOF - GMER 2.2 ----