GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2021-02-22 20:47:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 CT1000MX rev.M3CR 931,51GB
Running: xwkccr45.exe; Driver: C:\Users\Pompon\AppData\Local\Temp\pxldapod.sys

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\svchost.exe [4196:6460] 000007fee6b29688

---- EOF - GMER 2.2 ----

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2021-02-22 21:31:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 CT1000MX rev.M3CR 931,51GB
Running: xwkccr45.exe; Driver: C:\Users\Pompon\AppData\Local\Temp\pxldapod.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 978 fffff80002eab2a2 1 byte [21]

---- User code sections - GMER 2.2 ----

.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA
Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[1524] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Windows\system32\Dwm.exe[2080] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef861dc88 5 bytes JMP 000007fef85f00d8 .text C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef861de10 5 bytes JMP 000007fef85f0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] 
C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76} .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76} .text ... 
* 2 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 
000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2864] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 
000007fefd1c0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[2876] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Windows\System32\igfxpers.exe[2912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text 
C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text 
C:\Windows\System32\StikyNot.exe[2944] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2616] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2616] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible 
Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] 
C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3124] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Dolby Home Theater 
v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3144] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 
0000000071a93800 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] 
C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000743e11a8 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000743e13a8 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000743e1422 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe[3228] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000743e1498 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Creative\Shared 
Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Creative\Shared Files\Module 
Loader\DLLML.exe[3244] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000743e11a8 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000743e13a8 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000743e1422 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000743e1498 2 bytes [3E, 74] .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76} .text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[3244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76} .text ... 
* 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] 
C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76} .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3276] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76} .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[3428] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3428] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3496] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76} .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[3496] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76} .text ... 
* 2 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 
000007fefd1c01f0 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[3964] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 
5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe[4752] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!RegSetValueExW 
000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef861dc88 5 bytes JMP 000007fef85f00d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef861de10 
5 bytes JMP 000007fef85f0110 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8672460 5 bytes JMP 000007fefd1c02d0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef86a96b0 6 bytes JMP 000007fefd1c0298 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074eb1465 2 bytes {JMP 0x76} .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074eb14bb 2 bytes {JMP 0x76} .text ... 
* 2 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text 
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ed8a39 5 bytes JMP 0000000071a93840 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dd5da5 5 bytes JMP 0000000071a93800 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6348] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e09beb 5 bytes JMP 0000000071a936e0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775c9a20 16 bytes {MOV RAX, 0x7fedc8c9b70; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077346c60 5 bytes JMP 000000006fff02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 
000000007734a364 5 bytes JMP 000000006fff0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000773504ec 7 bytes JMP 000000006fff0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000000007735ca10 9 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077390c50 5 bytes JMP 000000006fff0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] 
C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6576] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] 
C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 
bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] 
C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 
00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 
000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 
000000006fff01f0 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1b00d8 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1b0180 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1b0110 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1b0148 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1b01f0 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1b01b8 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1b0228 .text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[8100] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1b0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text C:\Users\Pompon\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe[6680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0f23a0 6 bytes JMP 000007fefd1c0228 .text C:\Users\Pompon\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe[6680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff103da0 7 bytes JMP 000007fefd1c0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000775c9870 7 bytes [48, B8, 20, B3, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000775c9878 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000775c99e0 4 bytes [48, B8, C0, B3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 5 00000000775c99e5 2 bytes [3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775c9a00 7 bytes [48, B8, 70, C7, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775c9a08 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 00000000775c9a18 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775c9a28 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775c9a40 7 bytes [48, B8, B0, B2, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775c9a48 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000775c9a90 7 bytes [48, B8, 50, B4, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 00000000775c9a98 15 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 00000000775c9aa8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775c9ad0 3 bytes [48, B8, D0] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 4 00000000775c9ad4 3 bytes [21, 3F, 01] .text ... 
* 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000775c9b70 7 bytes [48, B8, F0, BB, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000775c9b78 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000775c9cf0 7 bytes [48, B8, 00, B5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000775c9cf8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000775ca760 7 bytes [48, B8, F0, C8, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000775ca768 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775ca7b0 7 bytes [48, B8, E0, C5, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 00000000775ca7b8 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000775ca900 7 bytes [48, B8, 10, BE, 21, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 00000000775ca908 8 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007744a240 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077453aa0 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774700d0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747f350 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a9a60 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b90f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774d8850 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1d32e0 7 bytes JMP 000007fefd1c00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd1db020 5 bytes JMP 000007fefd1c0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1db1c0 5 bytes JMP 000007fefd1c0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd1db2b0 5 bytes JMP 000007fefd1c0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefea3aa90 8 bytes JMP 000007fefd1c01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefea3b990 8 bytes JMP 000007fefd1c01b8 .text 
C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1dce 7 bytes JMP 0000000071a953f0 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5446 7 bytes JMP 0000000071a95a30 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075701441 7 bytes JMP 0000000071a95640 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570edcd 7 bytes JMP 0000000071a953e0 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000757991ac 7 bytes JMP 0000000071a94850 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075799231 5 bytes JMP 0000000071a94a30 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075799587 5 bytes JMP 0000000071a94860 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074fd1ea7 5 bytes JMP 0000000071a94770 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074fd1f55 5 bytes JMP 0000000071a94680 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074fd2c37 5 bytes JMP 0000000071a94a40 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074fd2ed9 5 bytes JMP 0000000071a94370 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007516d693 5 bytes JMP 0000000071a93980 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007516d8cd 5 bytes JMP 0000000071a93990 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] 
C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074ee5502 5 bytes JMP 0000000071a94300 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074ee746f 5 bytes JMP 0000000071a94360 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000074f20d0f 5 bytes JMP 0000000071a935c0 .text C:\Users\Pompon\Desktop\xwkccr45.exe[6632] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074f38064 5 bytes JMP 0000000071a942d0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6708] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6968] @ 
C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7048] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files 
(x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7076] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7112] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[7136] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7136] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files 
(x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7152] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6424] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] @ 
C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7452] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7656] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7932] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1176] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2332] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6448] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] @ C:\Windows\system32\UIAutomationCore.DLL[KERNEL32.dll!CreateNamedPipeW] [7770002c]
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed93f49c0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed93f4990] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed93f4970] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed93f49e0] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3540] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed93f4a10] C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\chrome.dll

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\svchost.exe [4196:6460] 000007fee6b29688

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{64EDAE47-6C9E-4EA0-8E57-C6AF7B623075}\Connection@Name isatap.{C0A0D853-63CF-4FF5-947F-D25B8C4943C6}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7CAE8636-F6AF-4933-A1BB-C0DE8D4E0F31}\Connection@Name isatap.{EF6E442D-ED49-408F-BA89-E8DFFB44D46D}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{ABDD3C55-C479-4C17-BC78-D0DA44517286}?\Device\{7CAE8636-F6AF-4933-A1BB-C0DE8D4E0F31}?\Device\{64EDAE47-6C9E-4EA0-8E57-C6AF7B623075}?\Device\{513050B1-D777-4C06-BA0B-A4AA62E39D54}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{ABDD3C55-C479-4C17-BC78-D0DA44517286}"?"{7CAE8636-F6AF-4933-A1BB-C0DE8D4E0F31}"?"{64EDAE47-6C9E-4EA0-8E57-C6AF7B623075}"?"{513050B1-D777-4C06-BA0B-A4AA62E39D54}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{ABDD3C55-C479-4C17-BC78-D0DA44517286}?\Device\TCPIP6TUNNEL_{7CAE8636-F6AF-4933-A1BB-C0DE8D4E0F31}?\Device\TCPIP6TUNNEL_{64EDAE47-6C9E-4EA0-8E57-C6AF7B623075}?\Device\TCPIP6TUNNEL_{513050B1-D777-4C06-BA0B-A4AA62E39D54}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6036ddf71033
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6036ddf71033@0016943d5201 0x12 0xC7 0x2B 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{64EDAE47-6C9E-4EA0-8E57-C6AF7B623075}@InterfaceName isatap.{C0A0D853-63CF-4FF5-947F-D25B8C4943C6}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{64EDAE47-6C9E-4EA0-8E57-C6AF7B623075}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7CAE8636-F6AF-4933-A1BB-C0DE8D4E0F31}@InterfaceName isatap.{EF6E442D-ED49-408F-BA89-E8DFFB44D46D}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7CAE8636-F6AF-4933-A1BB-C0DE8D4E0F31}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6036ddf71033 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6036ddf71033@0016943d5201 0x12 0xC7 0x2B 0xC3 ...

---- Files - GMER 2.2 ----

File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\3517659d-7a26-411f-bf56-bb5ef79ccb30.tmp 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bf0 1720534 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bd4 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bd8 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bd9 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bda 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bdb 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bdc 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bdd 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bde 1048576 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bdf 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008be0 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008be1 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008be2 0 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008be6 18981 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008be7 19181 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008be9 20216 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bea 21238 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008bed 2301440 bytes executable
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\Cache\f_004633 19774 bytes
File C:\Users\Pompon\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\036141.log 19 bytes
File C:\Users\Pompon\AppData\Local\Temp\6b50351f-c926-4ebe-a758-02f890a94419.tmp 0 bytes

---- EOF - GMER 2.2 ----