GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-17 21:42:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.JC4A 931,51GB Running: gmer.exe; Driver: C:\Users\Stefcio\AppData\Local\Temp\pwryifod.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1904] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\uTorrent.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[1600] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077246420 5 bytes JMP 00000000655e22c0 .text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[1600] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077246510 5 bytes JMP 00000000655e2160 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Stefcio\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1400] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000723313b0 2 bytes JMP 765455f8 C:\Windows\syswow64\SHELL32.dll .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1400] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000723313c0 2 bytes CALL 751d9cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1400] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007233153e 2 bytes CALL 765d7774 C:\Windows\syswow64\SHELL32.dll .text C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe[1400] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000072331553 2 bytes CALL 771310ff C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000723313b0 2 bytes JMP 765455f8 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\rundll32.exe[4132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000723313c0 2 bytes CALL 751d9cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Windows\SysWOW64\rundll32.exe[4132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007233153e 2 bytes CALL 765d7774 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\rundll32.exe[4132] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000072331553 2 bytes CALL 771310ff C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Real\RealPlayer\RealDownloader\downloader2.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bd1401 2 bytes JMP 7715b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bd1419 2 bytes JMP 7715b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bd1431 2 bytes JMP 771d9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bd144a 2 bytes CALL 77134885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bd14dd 2 bytes JMP 771d8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bd14f5 2 bytes JMP 771d8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bd150d 2 bytes JMP 771d8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bd1525 2 bytes JMP 771d8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bd153d 2 bytes JMP 7714fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bd1555 2 bytes JMP 77156907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bd156d 2 bytes JMP 771d9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bd1585 2 bytes JMP 771d8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bd159d 2 bytes JMP 771d88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bd15b5 2 bytes JMP 7714fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bd15cd 2 bytes JMP 7715b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bd16b2 2 bytes JMP 771d90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\PacificPoker\bin\poker.exe[6832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bd16bd 2 bytes JMP 771d8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 14 bytes {MOV RAX, 0x7fee8908d50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007749bc00 7 bytes [48, B8, 74, 0B, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007749bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007749bd70 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f1e13} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007749bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749bd90 7 bytes [48, B8, 94, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007749bda0 7 bytes [48, B8, 98, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007749bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 7 bytes [48, B8, 58, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749bdd0 7 bytes [48, B8, C4, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007749be20 7 bytes [48, B8, 58, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007749be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007749be30 7 bytes [48, B8, D0, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007749be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007749be60 7 bytes [48, B8, 3C, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007749be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007749bf00 7 bytes [48, B8, 70, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007749bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749c080 7 bytes [48, B8, C8, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749caf0 7 bytes [48, B8, B8, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007749cb40 7 bytes [48, B8, 70, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007749cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007749cc90 7 bytes [48, B8, 84, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007749cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007749bc00 7 bytes [48, B8, 74, 0B, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007749bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007749bd70 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f1e13} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007749bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749bd90 7 bytes [48, B8, 94, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007749bda0 7 bytes [48, B8, 98, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007749bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 7 bytes [48, B8, 58, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749bdd0 7 bytes [48, B8, C4, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007749be20 7 bytes [48, B8, 58, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007749be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007749be30 7 bytes [48, B8, D0, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007749be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007749be60 7 bytes [48, B8, 3C, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007749be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007749bf00 7 bytes [48, B8, 70, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007749bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749c080 7 bytes [48, B8, C8, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749caf0 7 bytes [48, B8, B8, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007749cb40 7 bytes [48, B8, 70, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007749cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007749cc90 7 bytes [48, B8, 84, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007749cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007749bc00 7 bytes [48, B8, 74, 0B, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007749bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007749bd70 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f1e13} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007749bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749bd90 7 bytes [48, B8, 94, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007749bda0 7 bytes [48, B8, 98, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007749bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 7 bytes [48, B8, 58, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749bdd0 7 bytes [48, B8, C4, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007749be20 7 bytes [48, B8, 58, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007749be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007749be30 7 bytes [48, B8, D0, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007749be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007749be60 7 bytes [48, B8, 3C, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007749be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007749bf00 7 bytes [48, B8, 70, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007749bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749c080 7 bytes [48, B8, C8, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749caf0 7 bytes [48, B8, B8, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007749cb40 7 bytes [48, B8, 70, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007749cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007749cc90 7 bytes [48, B8, 84, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007749cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007749bc00 7 bytes [48, B8, 74, 0B, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007749bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007749bd70 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f1e13} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007749bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749bd90 7 bytes [48, B8, 94, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007749bda0 7 bytes [48, B8, 98, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007749bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 7 bytes [48, B8, 58, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749bdd0 7 bytes [48, B8, C4, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007749be20 7 bytes [48, B8, 58, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007749be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007749be30 7 bytes [48, B8, D0, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007749be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007749be60 7 bytes [48, B8, 3C, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007749be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007749bf00 7 bytes [48, B8, 70, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007749bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749c080 7 bytes [48, B8, C8, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749caf0 7 bytes [48, B8, B8, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007749cb40 7 bytes [48, B8, 70, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007749cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007749cc90 7 bytes [48, B8, 84, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007749cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007749bc00 7 bytes [48, B8, 74, 0B, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007749bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007749bd70 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f1e13} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007749bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749bd90 7 bytes [48, B8, 94, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007749bda0 7 bytes [48, B8, 98, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007749bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 7 bytes [48, B8, 58, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749bdd0 7 bytes [48, B8, C4, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007749be20 7 bytes [48, B8, 58, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007749be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007749be30 7 bytes [48, B8, D0, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007749be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007749be60 7 bytes [48, B8, 3C, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007749be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007749bf00 7 bytes [48, B8, 70, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007749bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749c080 7 bytes [48, B8, C8, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749caf0 7 bytes [48, B8, B8, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007749cb40 7 bytes [48, B8, 70, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007749cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007749cc90 7 bytes [48, B8, 84, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007749cc98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007749bc00 7 bytes [48, B8, 74, 0B, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 000000007749bc08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 000000007749bd70 7 bytes {ADD [RAX-0x48], CL; CALL 0x13f1e13} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 000000007749bd78 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007749bd90 7 bytes [48, B8, 94, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007749bd98 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007749bda0 7 bytes [48, B8, 98, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 000000007749bda8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007749bdb0 7 bytes [48, B8, 58, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007749bdb8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007749bdd0 7 bytes [48, B8, C4, 0A, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007749bdd8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 000000007749be20 7 bytes [48, B8, 58, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 000000007749be28 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 000000007749be30 7 bytes [48, B8, D0, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 000000007749be38 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007749be60 7 bytes [48, B8, 3C, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 000000007749be68 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 000000007749bf00 7 bytes [48, B8, 70, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 000000007749bf08 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007749c080 7 bytes [48, B8, C8, 0C, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007749c088 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007749caf0 7 bytes [48, B8, B8, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007749caf8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007749cb40 7 bytes [48, B8, 70, 0F, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 000000007749cb48 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 000000007749cc90 7 bytes [48, B8, 84, 0D, 1E, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 000000007749cc98 6 bytes {ADD [RAX], AL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\mfevtps.exe[2168] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13ff92080] C:\Windows\system32\mfevtps.exe IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed6d67d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed6d67598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed6d67cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed6d67f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2920] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed5f22164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed6d67d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed6d67598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed6d67cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed6d67f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6684] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed5f22164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed6d67d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed6d67598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed6d67cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed6d67f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7304] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed5f22164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fed6d67d10] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fed6d67598] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fed6d67cf8] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fed6d67f4c] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[364] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fed5f22164] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread [6280:6244] 00000000103c9f80 Thread [6280:3684] 0000000077681697 Thread [6280:7112] 000000005cd3996c Thread [6280:7116] 000000005cd3996c Thread [6280:7120] 000000005cd3996c Thread [6280:4564] 000000005cd3996c Thread [6280:3140] 000000005cd3996c Thread [6280:3136] 000000005cd3996c Thread [6280:3352] 00000000751e12e5 Thread [6280:4412] 0000000074d3a3e0 Thread [6280:3048] 0000000077687ad8 Thread [6280:5388] 0000000077687ad8 ---- Registry - GMER 2.2 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\temp\aulauncher.exe 1 ---- EOF - GMER 2.2 ----