GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-29 14:15:38 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TS128GSSD370S rev.N1114H 119,24GB Running: r2ht2zlp.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\fxrdqpoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\Antivirus\avguard.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000077413efc 13 bytes JMP 000000000f7981b0 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!SetWindowPos 00000000766c8e4e 5 bytes JMP 000000000f798010 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000766d0e13 1 byte JMP 000000000f797e70 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!ShowWindow + 2 00000000766d0e15 3 bytes {JMP 0xffffffff990c705d} .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!SetFocus 00000000766d1f9d 5 bytes JMP 000000000f797f50 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!SetActiveWindow 00000000766d2fb0 5 bytes JMP 000000000f7980f0 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000766d3710 13 bytes JMP 000000000f797b30 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!BringWindowToTop 00000000766d872b 13 bytes JMP 000000000f797c00 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 0000000076709114 13 bytes JMP 000000000f797cd0 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000076727e2f 5 bytes JMP 000000000f797d90 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\ole32.dll!DoDragDrop 00000000761ca89f 13 bytes JMP 000000000f797a60 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text D:\Origin\Origin.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3248] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076602bdc 5 bytes JMP 0000000051d08d9e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076602e7e 5 bytes JMP 0000000051d08e08 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000063ed17fa 2 bytes CALL 774111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000063ed1860 2 bytes CALL 774111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000063ed1942 2 bytes JMP 764e6da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000063ed194d 2 bytes JMP 764ee8de C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[3168] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text D:\Origin\OriginWebHelperService.exe[6372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[6696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cd1401 2 bytes JMP 7743b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cd1419 2 bytes JMP 7743b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cd1431 2 bytes JMP 774b9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cd144a 2 bytes CALL 77414885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cd14dd 2 bytes JMP 774b8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cd14f5 2 bytes JMP 774b8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cd150d 2 bytes JMP 774b8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cd1525 2 bytes JMP 774b8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cd153d 2 bytes JMP 7742fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cd1555 2 bytes JMP 77436907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cd156d 2 bytes JMP 774b9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cd1585 2 bytes JMP 774b8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cd159d 2 bytes JMP 774b88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cd15b5 2 bytes JMP 7742fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cd15cd 2 bytes JMP 7743b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cd16b2 2 bytes JMP 774b90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[7432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cd16bd 2 bytes JMP 774b8891 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7feebe1b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7feebe1bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7feebe1b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7feebe1baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7feebe1a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7feebe1b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7feebe1b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7feebe1baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7feebe1a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7feebe1bcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7feebe1b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7feebe1ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7feebe1b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7feebe1bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7feebe1d12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7feebe1baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7feebe1abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7feebe1a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7feebe1a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7feebe1a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7feebe1abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7feebe1ab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7feebe1a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7feebe1abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7feebe1a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7feebe1ab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7feebe1a890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7feebe1bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7feebe1b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7feebe1baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7feebe1b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7feebe1abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7feebe1a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7feebe1aa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7feebe1a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7feebe1b3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7feebe1ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lcreat] [7feebe1a9a0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lopen] [7feebe1a924] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lwrite] [7feebe1aa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileA] [7feebe1a580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!MoveFileW] [7feebe1a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7feebe1a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7feebe1a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7feebe1baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7feebe1bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7feebe1b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7feebe1b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7feebe1a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7feebe1a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7feebe1abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7feebe1a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7feebe1b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7feebe1b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7feebe1baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7feebe1bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd3e4230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7feebe1a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[6492] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7feebe1a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7084:6304] 000007fefb932be0 Thread D:\Origin\QtWebEngineProcess.exe [5344:6112] 00000000111d4780 Thread D:\Origin\QtWebEngineProcess.exe [5344:7780] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:7960] 0000000077adf523 Thread D:\Origin\QtWebEngineProcess.exe [5344:7176] 0000000077ae046c Thread D:\Origin\QtWebEngineProcess.exe [5344:6804] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:3204] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:7172] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:6444] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:8252] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:8256] 000000001046d420 Thread D:\Origin\QtWebEngineProcess.exe [5344:7120] 0000000077ae046c ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ED310757-52EB-42DD-939D-801DE637ADF0}@InterfaceName isatap.{D3D9093A-110D-4ED9-8105-50544F3F3D7F} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{ED310757-52EB-42DD-939D-801DE637ADF0}@ReusableType 0 ---- Files - GMER 2.2 ---- File C:\Windows\Temp\{0754B450-FB3D-491C-B9E6-EA16D59ACDD4}-DropboxClient_7.4.30.exe (size mismatch) 26139585/0 bytes executable ---- EOF - GMER 2.2 ----