GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-04 19:06:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600JS-00MHB0 rev.02.01C03 149,05GB Running: p7l7e137.exe; Driver: C:\Users\HunT\AppData\Local\Temp\aftciaow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ea1401 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ea1419 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ea1431 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ea144a 2 bytes [EA, 74] .text ... * 9 .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ea14dd 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ea14f5 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ea150d 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ea1525 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ea153d 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ea1555 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ea156d 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ea1585 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ea159d 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ea15b5 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ea15cd 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ea16b2 2 bytes [EA, 74] .text C:\Program Files\Gadu-Gadu\gg.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ea16bd 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ea1401 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ea1419 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ea1431 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ea144a 2 bytes [EA, 74] .text ... * 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ea14dd 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ea14f5 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ea150d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ea1525 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ea153d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ea1555 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ea156d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ea1585 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ea159d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ea15b5 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ea15cd 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ea16b2 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ea16bd 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007756f991 8 bytes {MOV EDX, 0x903e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007756f99b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007756fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007756fa17 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007756fb25 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007756fb2f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007756fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007756fbdf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007756fc05 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007756fc0f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007756fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007756fc27 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007756fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007756fc3f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007756fc65 8 bytes {MOV EDX, 0x90528; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007756fc6f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007756fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007756fcef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007756fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007756fd07 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007756fd49 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007756fd53 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007756fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007756fdb7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007756fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007756fe4b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007756ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007756ff93 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077570099 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000775700a3 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077570781 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007757078b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077570ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077571007 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007757105d 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077571067 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775710a5 8 bytes {MOV EDX, 0x903a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000775710af 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007757111d 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077571127 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077571321 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007757132b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007561103d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075611072 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000074e6119f 5 bytes JMP 0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000074e611cf 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000754c4de0 5 bytes JMP 00000001001a03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000754c4f70 5 bytes JMP 00000001001a05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000754c51a2 5 bytes JMP 00000001001a08f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000754c522d 5 bytes JMP 00000001001a0a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000754c5689 5 bytes JMP 00000001001a01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000754c58b3 5 bytes JMP 00000001001a0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000754c6bad 5 bytes JMP 00000001001a0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000754c6e05 5 bytes JMP 00000001001a0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000754c6ead 5 bytes JMP 00000001001a0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000754c7180 5 bytes JMP 00000001001a06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000754c7435 5 bytes JMP 00000001001a0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000754c7bcc 5 bytes JMP 00000001001a00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000754c7dc4 5 bytes JMP 00000001001a03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000754c7fd5 5 bytes JMP 00000001001a0d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000754c82b2 5 bytes JMP 00000001001a0e30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000754c8401 5 bytes JMP 00000001001a09f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000754c879f 5 bytes JMP 00000001001a02f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000754c8916 5 bytes JMP 00000001001a05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000754c8b7a 5 bytes JMP 00000001001a0970 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000754c8ee6 5 bytes JMP 00000001001a0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000754c9875 5 bytes JMP 00000001001a0c70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000754c9936 5 bytes JMP 00000001001a0d30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000754ca53a 5 bytes JMP 00000001001a09b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000754caf9f 5 bytes JMP 00000001001a0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!LineTo 00000000754cb9e5 5 bytes JMP 00000001001a0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000754cbd55 5 bytes JMP 00000001001a0db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000754cc040 5 bytes JMP 00000001001a0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000754cc107 5 bytes JMP 00000001001a0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000754cc269 5 bytes JMP 00000001001a06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000754cd1f1 5 bytes JMP 00000001001a0df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000754cd349 5 bytes JMP 00000001001a0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000754cdce4 5 bytes JMP 00000001001a0930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000754ce743 5 bytes JMP 00000001001a00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000754d03b7 5 bytes JMP 00000001001a02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!Escape 00000000754d1bda 5 bytes JMP 00000001001a0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000754d1e89 5 bytes JMP 00000001001a0cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000754d4843 5 bytes JMP 00000001001a0b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000754d5690 5 bytes JMP 00000001001a0b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!EndPage 00000000754d6bde 5 bytes JMP 00000001001a0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000754de2db 5 bytes JMP 00000001001a0ab0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000754e940d 5 bytes JMP 00000001001a0cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000754ec621 5 bytes JMP 00000001001a0bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000754ed2b2 5 bytes JMP 00000001001a0bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000754ed919 5 bytes JMP 00000001001a0c30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!AbortDoc 00000000754f3adc 5 bytes JMP 00000001001a0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!EndDoc 00000000754f3f29 5 bytes JMP 00000001001a01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!StartPage 00000000754f401a 5 bytes JMP 00000001001a0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!StartDocW 00000000754f4c51 5 bytes JMP 00000001001a07f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000754f53fd 5 bytes JMP 00000001001a0830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!SelectClipPath 00000000754f5454 5 bytes JMP 00000001001a0af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000754f54af 5 bytes JMP 00000001001a0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!EndPath 00000000754f5506 5 bytes JMP 00000001001a0a70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!StrokePath 00000000754f573f 5 bytes JMP 00000001001a07b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!FillPath 00000000754f57d2 5 bytes JMP 00000001001a0870 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!PolylineTo 00000000754f5c44 5 bytes JMP 00000001001a04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000754f5cd5 5 bytes JMP 00000001001a04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\GDI32.dll!PolyDraw 00000000754f5d87 5 bytes JMP 00000001001a08b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000075e08c40 5 bytes JMP 00000001001b0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000075e09ebd 5 bytes JMP 00000001001b02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000075e10afa 5 bytes JMP 00000001001b02f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000075e10c62 7 bytes JMP 00000001001b05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetParent 0000000075e10f68 7 bytes JMP 00000001001b06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075e1112d 7 bytes JMP 00000001001b06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075e112a5 5 bytes JMP 00000001001b05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!ScreenToClient 0000000075e1227d 7 bytes JMP 00000001001b0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000075e13150 7 bytes JMP 00000001001b0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075e141f6 5 bytes JMP 00000001001b0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000075e168ef 5 bytes JMP 00000001001b0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000075e177fa 5 bytes JMP 00000001001b0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000075e17887 7 bytes JMP 00000001001b0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000075e18676 5 bytes JMP 00000001001b00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000075e18696 5 bytes JMP 00000001001b0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000075e18e8d 5 bytes JMP 00000001001b00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000075e18ecb 5 bytes JMP 00000001001b0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 0000000075e1c17b 5 bytes JMP 00000001001b0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000075e1c449 5 bytes JMP 00000001001b01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 0000000075e1c468 5 bytes JMP 00000001001b03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000075e1c486 5 bytes JMP 00000001001b01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075e1c4b6 5 bytes JMP 00000001001b04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000075e1d6c0 5 bytes JMP 00000001001b04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000075e1e360 5 bytes JMP 00000001001b0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075e48e57 5 bytes JMP 00000001001b0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075e49cfd 5 bytes JMP 00000001001b0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075e49f1d 5 bytes JMP 00000001001b0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075e67cb9 5 bytes JMP 00000001001b0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000075e68111 5 bytes JMP 00000001001b0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 0000000075e6832f 5 bytes JMP 00000001001b03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074c49606 5 bytes JMP 00000001001c00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074c50581 5 bytes JMP 00000001001c0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074c50bb9 5 bytes JMP 00000001001c0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074c50c2e 5 bytes JMP 00000001001c01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074c50f2e 5 bytes JMP 00000001001c0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074c51096 5 bytes JMP 00000001001c00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074c5124e 5 bytes JMP 00000001001c01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074c5129d 5 bytes JMP 00000001001c0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074c51527 5 bytes JMP 00000001001c0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074c51590 5 bytes JMP 00000001001c0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075a50045 5 bytes JMP 00000001001d0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000075a536b2 5 bytes JMP 00000001001d0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000075a7fdcd 5 bytes JMP 00000001001d00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074ea1401 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074ea1419 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074ea1431 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074ea144a 2 bytes [EA, 74] .text ... * 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074ea14dd 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074ea14f5 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074ea150d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074ea1525 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074ea153d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074ea1555 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074ea156d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074ea1585 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074ea159d 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074ea15b5 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074ea15cd 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074ea16b2 2 bytes [EA, 74] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074ea16bd 2 bytes [EA, 74] ---- EOF - GMER 2.0 ----