GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-13 00:11:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 Samsung_SSD_850_EVO_500GB rev.EMT01B6Q 465,76GB Running: 1hhw1z9j.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\kgloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\Dwm.exe[1468] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\Explorer.EXE[1504] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\Explorer.EXE[1504] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\Explorer.EXE[1504] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\Explorer.EXE[1504] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\taskhost.exe[1692] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\taskhost.exe[1692] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\taskhost.exe[1692] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\taskhost.exe[1692] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cb2ab1 5 bytes JMP 00000001013cf182 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 00000000765330aa 7 bytes JMP 0000000100460095 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076536bd8 7 bytes JMP 000000010046002d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076537142 7 bytes JMP 00000001004600c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 000000007653cc3a 7 bytes JMP 0000000100460061 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c29d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075c29d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007075451e 3 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen + 4 0000000070754522 1 byte [9F] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070754b6d 3 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutClose + 4 0000000070754b71 1 byte [9F] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070754bf2 3 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader + 4 0000000070754bf6 1 byte [9F] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070754f0f 3 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader + 4 0000000070754f13 1 byte [9F] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070754f7b 3 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite + 4 0000000070754f7f 1 byte [9F] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070759054 3 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInOpen + 4 0000000070759058 1 byte [9F] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007075adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000707752e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007077535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000707759cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070775a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070775ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070775b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070775bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070775bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070775c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070775c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073037e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007306de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007307d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007307d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3012] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007307d429 5 bytes JMP 000000011000aa80 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c29d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075c29d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007075451e 3 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen + 4 0000000070754522 1 byte [9F] .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070754b6d 3 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutClose + 4 0000000070754b71 1 byte [9F] .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070754bf2 3 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader + 4 0000000070754bf6 1 byte [9F] .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070754f0f 3 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader + 4 0000000070754f13 1 byte [9F] .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070754f7b 3 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite + 4 0000000070754f7f 1 byte [9F] .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070759054 3 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInOpen + 4 0000000070759058 1 byte [9F] .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007075adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000707752e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007077535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000707759cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070775a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070775ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070775b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070775bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070775bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070775c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070775c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073037e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007306de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007307d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007307d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[3060] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007307d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef9ed36ac 5 bytes JMP 000007fefd5d01f0 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef9ed3770 5 bytes JMP 000007fefd5d0298 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef9ed38d0 5 bytes JMP 000007fefd5d01b8 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef9ed3ca4 5 bytes JMP 000007fefd5d0260 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef9ed3d40 5 bytes JMP 000007fefd5d0228 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef9ed7fe0 7 bytes JMP 000007fefd5d0378 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef9eda38c 5 bytes JMP 000007fefd5d02d0 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef9ef49f0 5 bytes JMP 000007fefd5d0308 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef9ef4ab0 5 bytes JMP 000007fefd5d0340 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInClose 000007fef9ef52e0 5 bytes JMP 000007fefd5d03b0 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef9ef53c0 5 bytes JMP 000007fefd5d0490 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef9ef5454 5 bytes JMP 000007fefd5d04c8 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef9ef5514 5 bytes JMP 000007fefd5d0500 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInStart 000007fef9ef55a4 6 bytes JMP 000007fefd5d03e8 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInStop 000007fef9ef55e4 6 bytes JMP 000007fefd5d0420 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInReset 000007fef9ef5624 5 bytes JMP 000007fefd5d0458 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef9ef567c 5 bytes JMP 000007fefd5d0538 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007feeea36944 7 bytes JMP 000007fefd5d0180 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007feeea55a84 7 bytes JMP 000007fefd5d0148 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007feeea55b90 7 bytes JMP 000007fefd5d0570 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007feeea55c94 7 bytes JMP 000007fefd5d05a8 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007feeea55da8 5 bytes JMP 000007fefd5d05e0 .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system\HsMgr64.exe[2212] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text F:\Rainlendar2\Rainlendar2.exe[180] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text F:\Rainlendar2\Rainlendar2.exe[180] C:\Windows\system32\WS2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text F:\Rainlendar2\Rainlendar2.exe[180] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text F:\Rainlendar2\Rainlendar2.exe[180] C:\Windows\system32\WS2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\RunDll32.exe[2552] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\RunDll32.exe[2552] C:\Windows\system32\WS2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\RunDll32.exe[2552] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\RunDll32.exe[2552] C:\Windows\system32\WS2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c29d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075c29d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007075451e 3 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen + 4 0000000070754522 1 byte [9F] .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070754b6d 3 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutClose + 4 0000000070754b71 1 byte [9F] .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070754bf2 3 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader + 4 0000000070754bf6 1 byte [9F] .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070754f0f 3 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader + 4 0000000070754f13 1 byte [9F] .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070754f7b 3 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite + 4 0000000070754f7f 1 byte [9F] .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070759054 3 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInOpen + 4 0000000070759058 1 byte [9F] .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007075adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000707752e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007077535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000707759cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070775a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070775ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070775b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070775bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070775bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070775c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070775c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073037e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007306de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007307d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007307d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Perixx Gaming mouse\SE61T-UserTools.exe[2948] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007307d429 5 bytes JMP 000000011000aa80 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000075c29d0b 5 bytes JMP 0000000103b5a4d0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\syswow64\ole32.DLL!CoCreateInstanceEx 0000000075c29d4e 5 bytes JMP 0000000103b5a630 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000007075451e 5 bytes JMP 0000000103b5ab40 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 0000000070754b6d 5 bytes JMP 0000000103b5abb0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 0000000070754bf2 5 bytes JMP 0000000103b5ac90 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 0000000070754f0f 5 bytes JMP 0000000103b5ac50 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 0000000070754f7b 5 bytes JMP 0000000103b5ac10 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 0000000070759054 5 bytes JMP 0000000103b5ad10 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007075adf9 5 bytes JMP 0000000103b5abe0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000707752e8 5 bytes JMP 0000000103b5acd0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007077535f 5 bytes JMP 0000000103b5acf0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000707759cc 5 bytes JMP 0000000103b5ae40 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000070775a6a 5 bytes JMP 0000000103b5aec0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000070775ad7 5 bytes JMP 0000000103b5af00 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000070775b5b 5 bytes JMP 0000000103b5af40 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000070775bba 5 bytes JMP 0000000103b5af80 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000070775bee 5 bytes JMP 0000000103b5b000 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000070775c22 5 bytes JMP 0000000103b5b060 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000070775c67 5 bytes JMP 0000000103b5b0d0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000073037e3d 5 bytes JMP 0000000103b5a690 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000007306de69 5 bytes JMP 0000000103b5a770 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000007307d2c5 5 bytes JMP 0000000103b5a8a0 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000007307d371 5 bytes JMP 0000000103b5a990 .text F:\Ad Muncher\AdMunch.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000007307d429 5 bytes JMP 0000000103b5aa80 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4412] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4412] C:\Windows\system32\WS2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4412] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4412] C:\Windows\system32\WS2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4628] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4628] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4628] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4628] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Local\Temp\is1094620407\06909EB0_stp\Install_uk.exe[5024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe[4660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[1316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\7\plugin.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 761fb21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 761fb346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76278f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 761d489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76278822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 762789f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76278718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76278ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 761efca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 761f68ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76278fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76278b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 762786dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 761efd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 761fb2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76278ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugins\3\plugin.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76278671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[5136] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\wuauclt.exe[5136] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\wuauclt.exe[5136] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\wuauclt.exe[5136] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\Opera x64\opera.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fe3260 5 bytes JMP 000000010028075c .text C:\Program Files\Opera x64\opera.exe[6512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fe6f30 5 bytes JMP 00000001002803a4 .text C:\Program Files\Opera x64\opera.exe[6512] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\Opera x64\opera.exe[6512] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\Opera x64\opera.exe[6512] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\Opera x64\opera.exe[6512] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text F:\totalcmd\TOTALCMD64.EXE[5076] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff0f45c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text F:\totalcmd\TOTALCMD64.EXE[5076] C:\Windows\system32\ws2_32.dll!getsockname 000007feff0f9480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text F:\totalcmd\TOTALCMD64.EXE[5076] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff11e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text F:\totalcmd\TOTALCMD64.EXE[5076] C:\Windows\system32\ws2_32.dll!getpeername 000007feff11e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6092:916] 00000000764e7587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6092:2924] 0000000072c88aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6092:2120] 00000000771e1415 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6092:3384] 00000000771f2855 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6092:6164] 00000000771f2855 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6092:6584] 00000000771f2855 ---- EOF - GMER 2.1 ----