
Untitled

a guest
Apr 30th, 2013
  1. GMER 2.1.19163 - http://www.gmer.net
  2. Rootkit scan 2013-04-30 20:25:14
  3. Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
  4. Running: 65bv0szz.exe; Driver: C:\Users\Lida\AppData\Local\Temp\kwlyyuod.sys
  5.  
  6.  
  7. ---- User code sections - GMER 2.1 ----
  8.  
  9. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  10. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  11. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  12. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  13. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  14. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  15. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  16. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  17. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  18. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  19. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  20. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  21. .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  22. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  23. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  24. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  25. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  26. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  27. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  28. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  29. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  30. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  31. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  32. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  33. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  34. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  35. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  36. .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  37. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  38. .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  39. .text ... * 2
  40. .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  41. .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  42. .text ... * 2
  43. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  44. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  45. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  46. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  47. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  48. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  49. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef7cbdc88 5 bytes JMP 000007fff7c900d8
  50. .text C:\Windows\system32\Dwm.exe[2512] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7cbde10 5 bytes JMP 000007fff7c90110
  51. .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  52. .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  53. .text ... * 2
  54. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  55. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  56. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  57. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  58. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  59. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  60. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  61. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  62. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  63. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  64. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  65. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  66. .text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  67. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  68. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  69. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  70. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  71. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  72. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  73. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  74. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  75. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  76. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  77. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  78. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  79. .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3140] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  80. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  81. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  82. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  83. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  84. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  85. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  86. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  87. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  88. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  89. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  90. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  91. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  92. .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3120] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  93. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  94. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  95. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  96. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  97. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  98. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  99. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  100. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  101. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  102. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  103. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  104. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  105. .text C:\Program Files\Apoint2K\Apoint.exe[3156] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  106. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  107. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  108. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  109. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  110. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  111. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  112. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  113. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  114. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  115. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  116. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  117. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  118. .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3204] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  119. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  120. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  121. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  122. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  123. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  124. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  125. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  126. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  127. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  128. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  129. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  130. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  131. .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3208] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  132. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  133. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  134. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  135. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  136. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  137. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  138. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  139. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  140. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  141. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  142. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  143. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  144. .text C:\Dolby PCEE4\pcee4.exe[4520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  145. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  146. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  147. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  148. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  149. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  150. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  151. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  152. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  153. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  154. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  155. .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  156. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  157. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  158. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  159. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  160. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  161. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  162. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  163. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  164. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  165. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  166. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  167. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  168. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  169. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  170. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  171. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  172. .text C:\Program Files (x86)\Launch Manager\LManager.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  173. .text ... * 2
  174. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  175. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  176. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  177. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  178. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  179. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  180. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  181. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  182. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  183. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  184. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  185. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  186. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  187. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  188. .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4808] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  189. .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  190. .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  191. .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  192. .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  193. .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  194. .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  195. .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2540] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  196. .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2540] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  197. .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2540] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  198. .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2540] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  199. .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe[2540] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  200. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  201. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  202. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  203. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  204. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  205. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  206. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  207. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  208. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  209. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  210. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  211. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  212. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  213. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  214. .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  215. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  216. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  217. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  218. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  219. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  220. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  221. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  222. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  223. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  224. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  225. .text C:\Program Files\Apoint2K\ApMsgFwd.exe[4036] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  226. .text C:\Program Files\Apoint2K\HidFind.exe[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  227. .text C:\Program Files\Apoint2K\HidFind.exe[3316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  228. .text C:\Program Files\Apoint2K\HidFind.exe[3316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  229. .text C:\Program Files\Apoint2K\HidFind.exe[3316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  230. .text C:\Program Files\Apoint2K\HidFind.exe[3316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  231. .text C:\Program Files\Apoint2K\HidFind.exe[3316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  232. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cefe0 5 bytes JMP 000000016fff0148
  233. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f99b0 7 bytes JMP 000000016fff00d8
  234. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775094d0 5 bytes JMP 000000016fff0180
  235. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077509640 5 bytes JMP 000000016fff0110
  236. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007752a500 7 bytes JMP 000000016fff01b8
  237. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  238. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  239. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  240. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  241. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  242. .text C:\Program Files\Apoint2K\Apntex.exe[3016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  243. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  244. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  245. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  246. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  247. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  248. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  249. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  250. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  251. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  252. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  253. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  254. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  255. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  256. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  257. .text C:\Program Files (x86)\Launch Manager\LMworker.exe[3652] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  258. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  259. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  260. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  261. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  262. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  263. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  264. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  265. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  266. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  267. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  268. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  269. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  270. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  271. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  272. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  273. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  274. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  275. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  276. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  277. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  278. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  279. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  280. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  281. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  282. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  283. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  284. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  285. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  286. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  287. .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  288. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  289. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  290. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  291. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  292. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  293. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  294. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  295. .text C:\Windows\system32\wbem\unsecapp.exe[3932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  296. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  297. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  298. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  299. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  300. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  301. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  302. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  303. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  304. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  305. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  306. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  307. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  308. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  309. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  310. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  311. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  312. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  313. .text ... * 2
  314. ? C:\Windows\system32\mssprxy.dll [5448] entry point in ".rdata" section 000000006afb71e6
  315. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0x1fb228; JMP RDX}
  316. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0x1fb268; JMP RDX}
  317. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0x1fb1a8; JMP RDX}
  318. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0x1fb128; JMP RDX}
  319. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0x1fb328; JMP RDX}
  320. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0x1fb368; JMP RDX}
  321. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0x1fb2e8; JMP RDX}
  322. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0x1fb2a8; JMP RDX}
  323. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0x1fb068; JMP RDX}
  324. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0x1fb0a8; JMP RDX}
  325. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0x1fb028; JMP RDX}
  326. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0x1fb1e8; JMP RDX}
  327. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0x1fb168; JMP RDX}
  328. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0x1fb0e8; JMP RDX}
  329. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  330. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  331. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  332. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  333. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  334. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  335. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  336. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  337. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  338. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  339. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  340. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  341. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  342. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  343. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  344. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  345. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  346. .text ... * 2
  347. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0xa78228; JMP RDX}
  348. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0xa78268; JMP RDX}
  349. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0xa781a8; JMP RDX}
  350. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0xa78128; JMP RDX}
  351. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0xa78328; JMP RDX}
  352. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0xa78368; JMP RDX}
  353. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0xa782e8; JMP RDX}
  354. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0xa782a8; JMP RDX}
  355. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0xa78068; JMP RDX}
  356. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0xa780a8; JMP RDX}
  357. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0xa78028; JMP RDX}
  358. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0xa781e8; JMP RDX}
  359. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0xa78168; JMP RDX}
  360. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0xa780e8; JMP RDX}
  361. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  362. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  363. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  364. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  365. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  366. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  367. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  368. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  369. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  370. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  371. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  372. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  373. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  374. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  375. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  376. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  377. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  378. .text ... * 2
  379. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0x46a628; JMP RDX}
  380. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0x46a668; JMP RDX}
  381. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0x46a5a8; JMP RDX}
  382. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0x46a528; JMP RDX}
  383. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0x46a728; JMP RDX}
  384. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0x46a768; JMP RDX}
  385. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0x46a6e8; JMP RDX}
  386. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0x46a6a8; JMP RDX}
  387. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0x46a468; JMP RDX}
  388. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0x46a4a8; JMP RDX}
  389. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0x46a428; JMP RDX}
  390. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0x46a5e8; JMP RDX}
  391. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0x46a568; JMP RDX}
  392. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0x46a4e8; JMP RDX}
  393. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  394. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  395. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  396. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  397. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  398. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  399. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  400. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  401. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  402. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  403. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  404. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  405. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  406. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  407. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  408. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  409. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  410. .text ... * 2
  411. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0x2cae28; JMP RDX}
  412. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0x2cae68; JMP RDX}
  413. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0x2cada8; JMP RDX}
  414. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0x2cad28; JMP RDX}
  415. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0x2caf28; JMP RDX}
  416. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0x2caf68; JMP RDX}
  417. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0x2caee8; JMP RDX}
  418. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0x2caea8; JMP RDX}
  419. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0x2cac68; JMP RDX}
  420. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0x2caca8; JMP RDX}
  421. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0x2cac28; JMP RDX}
  422. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0x2cade8; JMP RDX}
  423. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0x2cad68; JMP RDX}
  424. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0x2cace8; JMP RDX}
  425. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  426. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  427. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  428. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  429. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  430. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  431. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  432. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  433. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  434. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  435. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  436. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  437. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  438. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  439. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  440. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  441. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  442. .text ... * 2
  443. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0xdb2228; JMP RDX}
  444. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0xdb2268; JMP RDX}
  445. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0xdb21a8; JMP RDX}
  446. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0xdb2128; JMP RDX}
  447. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0xdb2328; JMP RDX}
  448. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0xdb2368; JMP RDX}
  449. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0xdb22e8; JMP RDX}
  450. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0xdb22a8; JMP RDX}
  451. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0xdb2068; JMP RDX}
  452. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0xdb20a8; JMP RDX}
  453. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0xdb2028; JMP RDX}
  454. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0xdb21e8; JMP RDX}
  455. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0xdb2168; JMP RDX}
  456. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0xdb20e8; JMP RDX}
  457. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  458. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  459. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  460. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  461. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  462. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  463. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  464. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  465. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  466. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  467. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  468. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  469. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  470. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  471. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  472. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  473. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  474. .text ... * 2
  475. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefe2d3460 7 bytes JMP 000007fffe2c00d8
  476. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefe2d9940 6 bytes JMP 000007fffe2c0148
  477. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefe2d9fb0 5 bytes JMP 000007fffe2c0180
  478. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefe2da150 5 bytes JMP 000007fffe2c0110
  479. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9e89e0 8 bytes JMP 000007fffe2c01f0
  480. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ebe40 8 bytes JMP 000007fffe2c01b8
  481. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffe2c0228
  482. .text C:\Windows\system32\taskeng.exe[3516] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffe2c0260
  483. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0x272e28; JMP RDX}
  484. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0x272e68; JMP RDX}
  485. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0x272da8; JMP RDX}
  486. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0x272d28; JMP RDX}
  487. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0x272f28; JMP RDX}
  488. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0x272f68; JMP RDX}
  489. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0x272ee8; JMP RDX}
  490. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0x272ea8; JMP RDX}
  491. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0x272c68; JMP RDX}
  492. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0x272ca8; JMP RDX}
  493. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0x272c28; JMP RDX}
  494. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0x272de8; JMP RDX}
  495. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0x272d68; JMP RDX}
  496. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0x272ce8; JMP RDX}
  497. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  498. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  499. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  500. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  501. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  502. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  503. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  504. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  505. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  506. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  507. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  508. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  509. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  510. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  511. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  512. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  513. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  514. .text ... * 2
  515. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  516. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  517. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  518. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  519. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  520. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  521. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  522. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  523. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  524. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  525. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  526. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  527. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  528. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  529. .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  530. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0x8e3628; JMP RDX}
  531. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0x8e3668; JMP RDX}
  532. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0x8e35a8; JMP RDX}
  533. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0x8e3528; JMP RDX}
  534. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0x8e3728; JMP RDX}
  535. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0x8e3768; JMP RDX}
  536. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0x8e36e8; JMP RDX}
  537. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0x8e36a8; JMP RDX}
  538. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0x8e3468; JMP RDX}
  539. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0x8e34a8; JMP RDX}
  540. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0x8e3428; JMP RDX}
  541. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0x8e35e8; JMP RDX}
  542. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0x8e3568; JMP RDX}
  543. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0x8e34e8; JMP RDX}
  544. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  545. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  546. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  547. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  548. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  549. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  550. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  551. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  552. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  553. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  554. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  555. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  556. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  557. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  558. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  559. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  560. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  561. .text ... * 2
  562. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d6f991 7 bytes {MOV EDX, 0x415a28; JMP RDX}
  563. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d6fbd5 7 bytes {MOV EDX, 0x415a68; JMP RDX}
  564. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d6fc05 7 bytes {MOV EDX, 0x4159a8; JMP RDX}
  565. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d6fc1d 7 bytes {MOV EDX, 0x415928; JMP RDX}
  566. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d6fc35 7 bytes {MOV EDX, 0x415b28; JMP RDX}
  567. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d6fc65 7 bytes {MOV EDX, 0x415b68; JMP RDX}
  568. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d6fce5 7 bytes {MOV EDX, 0x415ae8; JMP RDX}
  569. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d6fcfd 7 bytes {MOV EDX, 0x415aa8; JMP RDX}
  570. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d6fd49 7 bytes {MOV EDX, 0x415868; JMP RDX}
  571. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d6fe41 7 bytes {MOV EDX, 0x4158a8; JMP RDX}
  572. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d70099 7 bytes {MOV EDX, 0x415828; JMP RDX}
  573. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d710a5 7 bytes {MOV EDX, 0x4159e8; JMP RDX}
  574. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d7111d 7 bytes {MOV EDX, 0x415968; JMP RDX}
  575. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d71321 7 bytes {MOV EDX, 0x4158e8; JMP RDX}
  576. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  577. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  578. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  579. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  580. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  581. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  582. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  583. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  584. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  585. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  586. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  587. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  588. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  589. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  590. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  591. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
  592. .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
  593. .text ... * 2
  594. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000077231429 7 bytes JMP 00000001727712ad
  595. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007724b223 5 bytes JMP 00000001727715be
  596. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772c88f4 7 bytes JMP 0000000172771357
  597. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772c8979 5 bytes JMP 00000001727716e0
  598. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772c8ccf 5 bytes JMP 0000000172771028
  599. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000770d1d1b 5 bytes JMP 00000001727711ef
  600. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000770d1dc9 5 bytes JMP 0000000172771023
  601. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000770d2aa4 5 bytes JMP 000000017277156e
  602. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000770d2d0a 5 bytes JMP 0000000172771294
  603. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007564e9a2 5 bytes JMP 00000001727715d7
  604. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007564ebdc 5 bytes JMP 00000001727711b8
  605. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075da8a29 5 bytes JMP 0000000172771050
  606. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075db4572 5 bytes JMP 00000001727710d2
  607. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a85ea5 5 bytes JMP 0000000172771609
  608. .text C:\Users\Lida\Desktop\65bv0szz.exe[4592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ab9d0b 5 bytes JMP 0000000172771249
  609.  
  610. ---- Registry - GMER 2.1 ----
  611.  
  612. Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543004635
  613. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543004635 (not active ControlSet)
  614.  
  615. ---- EOF - GMER 2.1 ----