GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-06 19:58:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-08M2NA0 rev.01.01A01 931,51GB Running: 8e7djjq3.exe; Driver: C:\Users\MIKOAJ~1\AppData\Local\Temp\uwliypog.sys ---- User code sections - GMER 2.2 ---- .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000764e4296 5 bytes JMP 00000000288cc330 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000764e4889 5 bytes JMP 00000000288cb2d0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000764ed1ea 5 bytes JMP 00000000288cbb10 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA 00000000764f469b 5 bytes JMP 00000000288cb7e0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764f7673 5 bytes JMP 00000000288cb670 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007743000c 1 byte [C3] .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000774bf11a 5 bytes JMP 0000000077478a53 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000764e4296 5 bytes JMP 00000000288cc330 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000764e4889 5 bytes JMP 00000000288cb2d0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000764ed1ea 5 bytes JMP 00000000288cbb10 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA 00000000764f469b 5 bytes JMP 00000000288cb7e0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764f7673 5 bytes JMP 00000000288cb670 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[1648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\WS2_32.DLL!getaddrinfo 00000000764e4296 5 bytes JMP 00000000288cc330 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\WS2_32.DLL!GetAddrInfoW 00000000764e4889 5 bytes JMP 00000000288cb2d0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\WS2_32.DLL!GetAddrInfoExW 00000000764ed1ea 5 bytes JMP 00000000288cbb10 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\WS2_32.DLL!GetAddrInfoExA 00000000764f469b 5 bytes JMP 00000000288cb7e0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\WS2_32.DLL!gethostbyname 00000000764f7673 5 bytes JMP 00000000288cb670 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\screenSHU\screenSHU.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000764e4296 5 bytes JMP 00000000288cc330 .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000764e4889 5 bytes JMP 00000000288cb2d0 .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000764ed1ea 5 bytes JMP 00000000288cbb10 .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA 00000000764f469b 5 bytes JMP 00000000288cb7e0 .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764f7673 5 bytes JMP 00000000288cb670 .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Local\GG\Application\gghub.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007743f900 5 bytes JMP 000000000051c520 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 000000007743f938 5 bytes JMP 000000000051ba10 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007743f9f0 5 bytes JMP 000000000051c27c .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject 000000007743fa08 5 bytes JMP 000000000051bae4 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007743fa20 5 bytes JMP 000000000051c468 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007743fa38 5 bytes JMP 000000000051ae60 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007743fa50 5 bytes JMP 000000000051a580 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007743faa0 5 bytes JMP 000000000051a640 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007743fab8 5 bytes JMP 000000000051a6f8 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007743fae8 5 bytes JMP 0000000000519eac .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007743fb50 5 bytes JMP 000000000051ab3c .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007743fc48 5 bytes JMP 000000000051c3b0 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007743fc60 5 bytes JMP 000000000051c9d8 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007743fc90 5 bytes JMP 000000000051c844 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007743fcc0 5 bytes JMP 000000000051b9a8 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007743fd5c 5 bytes JMP 000000000051a7dc .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007743fd74 5 bytes JMP 000000000051cc88 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007743fda8 5 bytes JMP 000000000051bbc4 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 000000007743fdd8 5 bytes JMP 000000000051bcac .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtFsControlFile 000000007743fe08 5 bytes JMP 000000000051a244 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007743fe54 5 bytes JMP 000000000051be3c .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007743fe6c 5 bytes JMP 000000000051ceac .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile 000000007743ff9c 5 bytes JMP 000000000051c048 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 000000007743ffb4 5 bytes JMP 000000000051cb60 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile 000000007743ffcc 5 bytes JMP 000000000051a304 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007743fffc 5 bytes JMP 0000000000519cdc .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077440014 5 bytes JMP 0000000000519df0 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection 0000000077440060 5 bytes JMP 000000000051c920 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077440078 1 byte JMP 0000000000519ecc .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread + 2 000000007744007a 3 bytes {JMP 0xffffffff890d9e54} .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000774400c4 5 bytes JMP 000000000051c5f8 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000774401d4 5 bytes JMP 000000000051a89c .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheck 0000000077440238 5 bytes JMP 000000000051a4a8 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077440824 1 byte JMP 0000000000519bc8 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess + 2 0000000077440826 3 bytes {JMP 0xffffffff890d93a4} .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007744092c 5 bytes JMP 0000000000519f2c .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000774409f4 5 bytes JMP 000000000051c100 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077440a0c 5 bytes JMP 000000000051aa04 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077440a54 5 bytes JMP 000000000051a960 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtExtendSection 0000000077440b2c 5 bytes JMP 000000000051a3e4 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077440b90 5 bytes JMP 000000000051aaa0 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey 0000000077440e1c 5 bytes JMP 000000000051afdc .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey2 0000000077440e34 5 bytes JMP 000000000051b16c .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtLockFile 0000000077440e64 5 bytes JMP 000000000051c110 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeDirectoryFile 0000000077440f68 5 bytes JMP 000000000051a134 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077440f80 5 bytes JMP 000000000051b304 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077441028 5 bytes JMP 000000000051acdc .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007744134c 5 bytes JMP 000000000051d038 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007744148c 5 bytes JMP 000000000051b3e4 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077441538 5 bytes JMP 000000000051a068 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtReplaceKey 0000000077441758 5 bytes JMP 000000000051b4a4 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey 00000000774417f0 5 bytes JMP 000000000051b624 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtSaveKey 0000000077441884 5 bytes JMP 000000000051b6cc .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077441a68 5 bytes JMP 000000000051b770 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077441bac 5 bytes JMP 0000000000519f90 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtSetVolumeInformationFile 0000000077441cac 5 bytes JMP 000000000051bf44 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtUnloadKey 0000000077441e80 5 bytes JMP 000000000051b820 .text C:\Program Files (x86)\CPUCooL\CooLSrv.exe[2420] C:\Windows\SysWOW64\ntdll.dll!NtUnlockFile 0000000077441ec8 5 bytes JMP 000000000051c1d0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007743000c 1 byte [C3] .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000774bf11a 5 bytes JMP 0000000077478a53 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000764e4296 5 bytes JMP 00000000288cc330 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000764e4889 5 bytes JMP 00000000288cb2d0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000764ed1ea 5 bytes JMP 00000000288cbb10 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA 00000000764f469b 5 bytes JMP 00000000288cb7e0 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000764f7673 5 bytes JMP 00000000288cb670 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\SpotifyWebHelper.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007743000c 1 byte [C3] .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000774bf11a 5 bytes JMP 0000000077478a53 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Mikołaj\AppData\Roaming\Spotify\Spotify.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000751d1401 2 bytes JMP 7693b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000751d1419 2 bytes JMP 7693b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000751d1431 2 bytes JMP 769b90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000751d144a 2 bytes CALL 769148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000751d14dd 2 bytes JMP 769b89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000751d14f5 2 bytes JMP 769b8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000751d150d 2 bytes JMP 769b88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000751d1525 2 bytes JMP 769b8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000751d153d 2 bytes JMP 7692fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000751d1555 2 bytes JMP 76936937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000751d156d 2 bytes JMP 769b91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000751d1585 2 bytes JMP 769b8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000751d159d 2 bytes JMP 769b88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000751d15b5 2 bytes JMP 7692fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000751d15cd 2 bytes JMP 7693b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000751d16b2 2 bytes JMP 769b906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe[4884] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000751d16bd 2 bytes JMP 769b8839 C:\Windows\syswow64\kernel32.dll ---- Devices - GMER 2.2 ---- Device \Driver\WudfPf \Device\HostProcess-8cbbc76d-cd1f-4147-a4af-4549ba80bf62 fffff88009992910 Device \Driver\WudfPf \Device\WUDFLpcDevice fffff88009992910 Device \FileSystem\srv \Device\LanmanServer fffff88009901c60 Device \Driver\WudfPf \Device\HostProcess-efedbf26-f99f-4ad9-a271-3887d3c04c76 fffff88009992910 Device \Driver\WudfPf \Device\HostProcess-67caf70e-96df-4151-be5e-2f954f1b67fb fffff88009992910 Device \Driver\IPNAT \Device\IPNAT fffff88009963624 Device \Driver\SPBIUpdd \Device\SPBIWatcherDevice fffff8800995d980 Device \Driver\WudfPf \Device\HostProcess-17a79a47-4eb9-4320-ab74-42611e12fd5c fffff88009992910 Device \Driver\WudfPf \Device\ProcessManagement fffff88009992910 Device \FileSystem\srv2 \Device\Srv2 fffff88006e445a0 Device \Driver\WUDFRd \Device\UMDFCtrlDev-69fcbe79-13ad-11e6-a706-40167ea7e0f8 fffff880099af3f4 ---- Files - GMER 2.2 ---- File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Extension State\000003.log 1440382 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5CB0.tmp 28134 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5CF0.tmp 28134 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5D40.tmp 28134 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5D90.tmp 28134 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5DE0.tmp 28134 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5E20.tmp 28134 bytes File C:\Users\Mikołaj\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\5E61.tmp 28134 bytes ---- EOF - GMER 2.2 ----