GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-04-21 18:08:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1ER162 rev.CC45 931,51GB
Running: jhnmqgsg.exe; Driver: C:\Users\Michal\AppData\Local\Temp\awrdrpoc.sys

---- User code sections - GMER 2.1 ----

.text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fc1401 2 bytes JMP 74eeb263 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fc1419 2 bytes JMP 74eeb38e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fc1431 2 bytes JMP 74f690f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fc144a 2 bytes CALL 74ec48ad C:\Windows\syswow64\kernel32.dll .text ...
* 9 .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fc14dd 2 bytes JMP 74f689ea C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fc14f5 2 bytes JMP 74f68bc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fc150d 2 bytes JMP 74f688e0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fc1525 2 bytes JMP 74f68caa C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fc153d 2 bytes JMP 74edfce8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fc1555 2 bytes JMP 74ee6937 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fc156d 2 bytes JMP 74f691a9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fc1585 2 bytes JMP 74f68d0a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fc159d 2 bytes JMP 74f688a4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fc15b5 2 
bytes JMP 74edfd81 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fc15cd 2 bytes JMP 74eeb324 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fc16b2 2 bytes JMP 74f6906c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fc16bd 2 bytes JMP 74f68839 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fc1401 2 bytes JMP 74eeb263 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fc1419 2 bytes JMP 74eeb38e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fc1431 2 bytes JMP 74f690f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fc144a 2 bytes CALL 74ec48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fc14dd 2 bytes JMP 74f689ea C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fc14f5 2 bytes JMP 74f68bc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fc150d 2 bytes JMP 74f688e0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fc1525 2 bytes JMP 74f68caa C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fc153d 2 bytes JMP 74edfce8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fc1555 2 bytes JMP 74ee6937 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fc156d 2 bytes JMP 74f691a9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fc1585 2 bytes JMP 74f68d0a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fc159d 2 bytes JMP 74f688a4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fc15b5 2 bytes JMP 74edfd81 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fc15cd 2 bytes JMP 74eeb324 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fc16b2 2 bytes JMP 74f6906c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fc16bd 2 bytes JMP 74f68839 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2796] entry point in ".rdata" section 00000000720c71e6 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751c9cbb 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000751c9cfe 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ef2451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ef24b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ef24bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ef24f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ef24f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ef29054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ef2adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ef452e8 5 bytes JMP 000000011000acd0 .text 
C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ef4535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ef459cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ef45a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ef45ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ef45b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ef45bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ef45bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ef45c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ef45c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006d427e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006d45de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006d46d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006d46d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2188] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006d46d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutClose 
000007fefa6436ac 5 bytes JMP 000007fefde001f0 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fefa643770 5 bytes JMP 000007fefde00298 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fefa6438d0 5 bytes JMP 000007fefde001b8 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fefa643ca4 5 bytes JMP 000007fefde00260 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefa643d40 5 bytes JMP 000007fefde00228 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInOpen 000007fefa647fe0 7 bytes JMP 000007fefde00378 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa64a38c 5 bytes JMP 000007fefde002d0 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fefa6649f0 5 bytes JMP 000007fefde00308 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fefa664ab0 5 bytes JMP 000007fefde00340 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInClose 000007fefa6652e0 5 bytes JMP 000007fefde003b0 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fefa6653c0 5 bytes JMP 000007fefde00490 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fefa665454 5 bytes JMP 000007fefde004c8 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fefa665514 5 bytes JMP 000007fefde00500 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInStart 000007fefa6655a4 6 bytes JMP 000007fefde003e8 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInStop 000007fefa6655e4 6 bytes JMP 000007fefde00420 .text C:\Windows\system\HsMgr64.exe[2668] 
C:\Windows\system32\WINMM.dll!waveInReset 000007fefa665624 5 bytes JMP 000007fefde00458 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fefa66567c 5 bytes JMP 000007fefde00538 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef4fb6944 7 bytes JMP 000007fefde00180 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef4fd5a84 7 bytes JMP 000007fefde00148 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef4fd5b90 7 bytes JMP 000007fefde00570 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef4fd5c94 7 bytes JMP 000007fefde005a8 .text C:\Windows\system\HsMgr64.exe[2668] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef4fd5da8 5 bytes JMP 000007fefde005e0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751c9cbb 5 bytes JMP 000000011000a4d0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000751c9cfe 5 bytes JMP 000000011000a630 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ef2451e 5 bytes JMP 000000011000ab40 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ef24b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ef24bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ef24f0f 5 bytes JMP 000000011000ac50 .text 
C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ef24f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ef29054 5 bytes JMP 000000011000ad10 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ef2adf9 5 bytes JMP 000000011000abe0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ef452e8 5 bytes JMP 000000011000acd0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ef4535f 5 bytes JMP 000000011000acf0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ef459cc 5 bytes JMP 000000011000ae40 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ef45a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ef45ad7 5 bytes JMP 000000011000af00 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ef45b5b 5 bytes JMP 000000011000af40 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ef45bba 5 bytes JMP 000000011000af80 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ef45bee 5 bytes JMP 000000011000b000 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ef45c22 5 bytes JMP 000000011000b060 .text 
C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ef45c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006d427e3d 5 bytes JMP 000000011000a690 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006d45de69 5 bytes JMP 000000011000a770 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006d46d2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006d46d371 5 bytes JMP 000000011000a990 .text C:\Users\Michal\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3804] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006d46d429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751c9cbb 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000751c9cfe 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ef2451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ef24b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] 
C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ef24bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ef24f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ef24f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ef29054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ef2adf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ef452e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ef4535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ef459cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ef45a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ef45ad7 5 bytes JMP 000000011000af00 .text C:\Program 
Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ef45b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ef45bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ef45bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ef45c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ef45c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006d427e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006d45de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006d46d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006d46d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3308] 
C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006d46d429 5 bytes JMP 000000011000aa80 .text D:\Program Files\AVAST Software\Avast\avastui.exe[4960] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074ec8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fc1401 2 bytes JMP 74eeb263 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fc1419 2 bytes JMP 74eeb38e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fc1431 2 bytes JMP 74f690f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fc144a 2 bytes CALL 74ec48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fc14dd 2 bytes JMP 74f689ea C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fc14f5 2 bytes JMP 74f68bc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fc150d 2 bytes JMP 74f688e0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fc1525 2 bytes JMP 74f68caa C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fc153d 2 bytes JMP 74edfce8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fc1555 2 bytes JMP 74ee6937 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fc156d 2 bytes JMP 74f691a9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fc1585 2 bytes JMP 74f68d0a C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fc159d 2 bytes JMP 74f688a4 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fc15b5 2 bytes JMP 74edfd81 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fc15cd 2 bytes JMP 74eeb324 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fc16b2 2 bytes JMP 74f6906c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fc16bd 2 bytes JMP 74f68839 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751c9cbb 5 bytes JMP 000000011000a4d0 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000751c9cfe 5 bytes JMP 000000011000a630 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006d427e3d 5 bytes JMP 000000011000a690 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006d45de69 5 bytes JMP 000000011000a770 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006d46d2c5 5 bytes JMP 000000011000a8a0 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006d46d371 5 bytes JMP 000000011000a990 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4716] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006d46d429 5 bytes JMP 000000011000aa80 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fc1401 2 bytes JMP 74eeb263 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 
0000000074fc1419 2 bytes JMP 74eeb38e C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fc1431 2 bytes JMP 74f690f1 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fc144a 2 bytes CALL 74ec48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fc14dd 2 bytes JMP 74f689ea C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fc14f5 2 bytes JMP 74f68bc0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fc150d 2 bytes JMP 74f688e0 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fc1525 2 bytes JMP 74f68caa C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fc153d 2 bytes JMP 74edfce8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fc1555 2 bytes JMP 74ee6937 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fc156d 2 bytes JMP 74f691a9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 
0000000074fc1585 2 bytes JMP 74f68d0a C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fc159d 2 bytes JMP 74f688a4 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fc15b5 2 bytes JMP 74edfd81 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fc15cd 2 bytes JMP 74eeb324 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fc16b2 2 bytes JMP 74f6906c C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fc16bd 2 bytes JMP 74f68839 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751c9cbb 5 bytes JMP 000000011000a4d0
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000751c9cfe 5 bytes JMP 000000011000a630
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006d427e3d 5 bytes JMP 000000011000a690
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006d45de69 5 bytes JMP 000000011000a770
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006d46d2c5 5 bytes JMP 000000011000a8a0
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006d46d371 5 bytes JMP 000000011000a990
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006d46d429 5 bytes JMP 000000011000aa80
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fc1401 2 bytes JMP 74eeb263 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fc1419 2 bytes JMP 74eeb38e C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fc1431 2 bytes JMP 74f690f1 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fc144a 2 bytes CALL 74ec48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fc14dd 2 bytes JMP 74f689ea C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fc14f5 2 bytes JMP 74f68bc0 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fc150d 2 bytes JMP 74f688e0 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fc1525 2 bytes JMP 74f68caa C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fc153d 2 bytes JMP 74edfce8 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fc1555 2 bytes JMP 74ee6937 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fc156d 2 bytes JMP 74f691a9 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fc1585 2 bytes JMP 74f68d0a C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fc159d 2 bytes JMP 74f688a4 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fc15b5 2 bytes JMP 74edfd81 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fc15cd 2 bytes JMP 74eeb324 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fc16b2 2 bytes JMP 74f6906c C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fc16bd 2 bytes JMP 74f68839 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074fc1401 2 bytes JMP 74eeb263 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074fc1419 2 bytes JMP 74eeb38e C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074fc1431 2 bytes JMP 74f690f1 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074fc144a 2 bytes CALL 74ec48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074fc14dd 2 bytes JMP 74f689ea C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074fc14f5 2 bytes JMP 74f68bc0 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074fc150d 2 bytes JMP 74f688e0 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074fc1525 2 bytes JMP 74f68caa C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074fc153d 2 bytes JMP 74edfce8 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074fc1555 2 bytes JMP 74ee6937 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074fc156d 2 bytes JMP 74f691a9 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074fc1585 2 bytes JMP 74f68d0a C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074fc159d 2 bytes JMP 74f688a4 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074fc15b5 2 bytes JMP 74edfd81 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074fc15cd 2 bytes JMP 74eeb324 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074fc16b2 2 bytes JMP 74f6906c C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074fc16bd 2 bytes JMP 74f68839 C:\Windows\syswow64\kernel32.dll
---- EOF - GMER 2.1 ----