GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-15 20:16:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST500LM000-1EJ162 rev.SM28 465,76GB
Running: rmq2tm48.exe; Driver: C:\Users\z00269rd\AppData\Local\Temp\fxroypoc.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper 
Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe[1484] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse 
Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[1536] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse 
Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[2096] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] 
C:\WINDOWS\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2444] C:\WINDOWS\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 
C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe[2728] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] 
C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[3408] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA 
Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[4832] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 
C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe[5532] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] 
C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5220] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] 
C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CCM\CcmExec.exe[6192] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] 
C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6920] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] 
C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[6968] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe[3260] C:\WINDOWS\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\KERNEL32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a61401 2 bytes JMP 76d5b233 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a61419 2 bytes JMP 76d5b35e C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a61431 2 bytes JMP 76dd9149 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a6144a 2 bytes CALL 76d34885 C:\WINDOWS\syswow64\kernel32.dll .text ... 
* 9 .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a614dd 2 bytes JMP 76dd8a42 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a614f5 2 bytes JMP 76dd8c18 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a6150d 2 bytes JMP 76dd8938 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a61525 2 bytes JMP 76dd8d02 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a6153d 2 bytes JMP 76d4fcc0 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a61555 2 bytes JMP 76d56907 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a6156d 2 bytes JMP 76dd9201 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a61585 2 bytes JMP 76dd8d62 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a6159d 2 bytes JMP 76dd88fc C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a615b5 2 bytes JMP 76d4fd59 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] 
C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a615cd 2 bytes JMP 76d5b2f4 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a616b2 2 bytes JMP 76dd90c4 C:\WINDOWS\syswow64\kernel32.dll .text C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE[7300] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a616bd 2 bytes JMP 76dd8891 C:\WINDOWS\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fedc73b4f4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fedc73bbc8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fedc73b6d0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fedc73baa8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fedc73a184] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fedc73b6d0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fedc73b4f4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fedc73baa8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fedc73a184] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fedc73bcb0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fedc73b4f4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fedc73ba0c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] 
[7fedc73b6d0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fedc73bbc8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fedc73d12c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fedc73baa8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fedc73a804] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fedc73abe0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fedc73a6e0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fedc73a184] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fedc73a804] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fedc73a6e0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ 
C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fedc73abe0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fedc73ab7c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fedc73a2d8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fedc73a804] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fedc73abe0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fedc73a184] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] 
C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fedc73ab04] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fedc73a804] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fedc73a890] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fedc73bbc8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ 
C:\WINDOWS\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fedc73b4f4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fedc73baa8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fedc73b6d0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fedc73a804] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fedc73abe0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fedc73a6e0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fedc73aa1c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fedc73a2d8] 
C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fedc73b3dc] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fedc73a804] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fedc73ba0c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!_lcreat] [7fedc73a9a0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!_lopen] [7fedc73a924] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!_lwrite] [7fedc73aa1c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!DeleteFileA] [7fedc73a580] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ 
C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!DeleteFileW] [7fedc73a5e4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\VERSION.DLL[KERNEL32.dll!MoveFileW] [7fedc73a6e0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7fedc73baa8] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7fedc73b4f4] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7fedc73b6d0] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7fedc73a42c] C:\WINDOWS\AppPatch\AppPatch64\AcGenral.DLL IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll IAT C:\WINDOWS\system32\msiexec.exe[2392] @ C:\WINDOWS\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefcc94230] C:\WINDOWS\system32\apphelp.dll

---- EOF - GMER 2.2 ----